
Re: IRP buffer access in XENHID

Under certain situations, such as when input is being sent during driver install or sleep transition, FdoCsqPeekNextIrp can be called with an empty Fdo->List. In that case, FdoCsqPeekNextIrp dereferences the list head and returns an invalid IRP; it should check for this error condition.

Troy "Owen" Crosley
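The failure described above, as an added example that is not code from the XENHID driver: a cancel-safe-queue peek callback modelled in plain C. The `LIST_ENTRY` helpers, the toy `IRP` and `FDO` structures and the two `FdoCsqPeekNextIrp_*` function names are constructed stand-ins for the Windows kernel types so the program builds and runs in user mode; the real driver uses the `IO_CSQ` callbacks from `ntddk.h`, whose contract is that `CsqPeekNextIrp` returns NULL when no IRP remains.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Minimal user-mode stand-ins for the Windows doubly-linked list primitives
   (constructed for this example; a driver gets these from <ntddk.h>). */
typedef struct _LIST_ENTRY {
    struct _LIST_ENTRY *Flink;
    struct _LIST_ENTRY *Blink;
} LIST_ENTRY;

#define CONTAINING_RECORD(addr, type, field) \
    ((type *)((char *)(addr) - offsetof(type, field)))

static void InitializeListHead(LIST_ENTRY *Head) { Head->Flink = Head->Blink = Head; }
static int  IsListEmpty(const LIST_ENTRY *Head)  { return Head->Flink == Head; }
static void InsertTailList(LIST_ENTRY *Head, LIST_ENTRY *Entry) {
    Entry->Flink = Head;
    Entry->Blink = Head->Blink;
    Head->Blink->Flink = Entry;
    Head->Blink = Entry;
}

/* Toy IRP and FDO: only the queue linkage matters here. */
typedef struct _IRP { int Id; LIST_ENTRY ListEntry; } IRP;
typedef struct _FDO { LIST_ENTRY List; } FDO;   /* Fdo->List: pending IRPs */

/* Unchecked peek: on an empty list Fdo->List.Flink == &Fdo->List, so the
   "IRP" handed back is carved out of the FDO itself, not a queued request. */
static IRP *FdoCsqPeekNextIrp_Unchecked(FDO *Fdo, IRP *Irp) {
    LIST_ENTRY *Next = (Irp == NULL) ? Fdo->List.Flink : Irp->ListEntry.Flink;
    return CONTAINING_RECORD(Next, IRP, ListEntry);
}

/* Checked peek: NULL when the queue is empty or the walk reaches the head,
   which is what the IO_CSQ contract expects from CsqPeekNextIrp. */
static IRP *FdoCsqPeekNextIrp_Checked(FDO *Fdo, IRP *Irp) {
    LIST_ENTRY *Head = &Fdo->List;
    LIST_ENTRY *Next;

    if (IsListEmpty(Head))
        return NULL;

    Next = (Irp == NULL) ? Head->Flink : Irp->ListEntry.Flink;
    if (Next == Head)
        return NULL;                /* walked past the last queued IRP */

    return CONTAINING_RECORD(Next, IRP, ListEntry);
}

/* Returns 1 if the unchecked peek on an empty queue yields a pointer that
   points into the FDO rather than at any IRP. */
static int UncheckedPeekReturnsBogusIrp(void) {
    FDO Fdo;
    InitializeListHead(&Fdo.List);
    IRP *Bogus = FdoCsqPeekNextIrp_Unchecked(&Fdo, NULL);
    return (uintptr_t)Bogus == (uintptr_t)&Fdo.List - offsetof(IRP, ListEntry);
}

/* Returns 1 if the checked peek reports "no IRP" on an empty queue. */
static int CheckedPeekOnEmptyReturnsNull(void) {
    FDO Fdo;
    InitializeListHead(&Fdo.List);
    return FdoCsqPeekNextIrp_Checked(&Fdo, NULL) == NULL;
}

/* Queues Count IRPs, walks them with the checked peek and returns how many
   it visited; the walk must stop cleanly at the list head. */
static int CheckedPeekWalksQueue(int Count) {
    FDO Fdo;
    IRP Irps[8];
    int Visited = 0;
    if (Count > 8) Count = 8;
    InitializeListHead(&Fdo.List);
    for (int i = 0; i < Count; i++) {
        Irps[i].Id = i;
        InsertTailList(&Fdo.List, &Irps[i].ListEntry);
    }
    for (IRP *Irp = FdoCsqPeekNextIrp_Checked(&Fdo, NULL); Irp != NULL;
         Irp = FdoCsqPeekNextIrp_Checked(&Fdo, Irp))
        Visited++;
    return Visited;
}

int main(void) {
    printf("unchecked peek on empty list returns bogus IRP: %d\n", UncheckedPeekReturnsBogusIrp());
    printf("checked peek on empty list returns NULL:        %d\n", CheckedPeekOnEmptyReturnsNull());
    printf("checked peek visits %d of 3 queued IRPs\n", CheckedPeekWalksQueue(3));
    return 0;
}
```

The unchecked variant never faults in this user-mode model, which is exactly why the bug is easy to miss: the pointer it returns is well-formed, it just does not point at an IRP, and whatever the caller then does with it (completing it, touching its buffers) operates on FDO memory. The empty-list and head-reached checks are the only difference between the two versions.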

On Fri, Oct 16, 2020 at 4:05 AM Paul Durrant <xadimgnik@xxxxxxxxx> wrote:
Hi Owen,

  In testing Troy's power state handling patch I got a crash, which appears to be because XENHID is directly accessing user memory in IRP handling (particularly UserBuffer in the hid callback) without probing for access. Is that just an oversight, or is there a reason not to call ProbeForRead/Write() on the buffers?
