[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen master] hvm/dmop: make copy_buf_{from, to}_guest for a buffer not big enough an error

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
From: patchbot@xxxxxxx
Date: Fri, 28 Apr 2017 14:00:12 +0000
Delivery-date: Fri, 28 Apr 2017 14:00:16 +0000
List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xen.org>

commit 60f07f8adb5d0473b8e820509f2a6dfaa5443ca2
Author:     Jennifer Herbert <Jennifer.Herbert@xxxxxxxxxx>
AuthorDate: Wed Apr 26 09:40:00 2017 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Wed Apr 26 09:40:00 2017 +0200

    hvm/dmop: make copy_buf_{from, to}_guest for a buffer not big enough an 
error
    
    This makes copying to or from a buf that isn't big enough an error.
    If the buffer isnt big enough, trying to carry on regardless
    can only cause trouble later on.
    
    Signed-off-by: Jennifer Herbert <Jennifer.Herbert@xxxxxxxxxx>
    Reviewed-by: Paul Durrant <paul.durrant@xxxxxxxxxx>
    Release-acked-by: Julien Grall <julien.grall@xxxxxxx>
---
 xen/arch/x86/hvm/dm.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/xen/arch/x86/hvm/dm.c b/xen/arch/x86/hvm/dm.c
index e583e41..89186d2 100644
--- a/xen/arch/x86/hvm/dm.c
+++ b/xen/arch/x86/hvm/dm.c
@@ -36,30 +36,32 @@ static bool copy_buf_from_guest(const xen_dm_op_buf_t 
bufs[],
                                 unsigned int nr_bufs, void *dst,
                                 unsigned int idx, size_t dst_size)
 {
-    size_t size;
+    size_t buf_bytes;
 
     if ( idx >= nr_bufs )
         return false;
 
-    memset(dst, 0, dst_size);
-
-    size = min_t(size_t, dst_size, bufs[idx].size);
+    buf_bytes = bufs[idx].size;
+    if ( dst_size > buf_bytes )
+        return false;
 
-    return !copy_from_guest(dst, bufs[idx].h, size);
+    return !copy_from_guest(dst, bufs[idx].h, dst_size);
 }
 
 static bool copy_buf_to_guest(const xen_dm_op_buf_t bufs[],
                               unsigned int nr_bufs, unsigned int idx,
                               const void *src, size_t src_size)
 {
-    size_t size;
+    size_t buf_bytes;
 
     if ( idx >= nr_bufs )
         return false;
 
-    size = min_t(size_t, bufs[idx].size, src_size);
+    buf_bytes = bufs[idx].size;
+    if ( src_size > buf_bytes )
+        return false;
 
-    return !copy_to_guest(bufs[idx].h, src, size);
+    return !copy_to_guest(bufs[idx].h, src, src_size);
 }
 
 static int track_dirty_vram(struct domain *d, xen_pfn_t first_pfn,
--
generated by git-patchbot for /home/xen/git/xen.git#master

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog

Prev by Date: [Xen-changelog] [xen master] hvm/dmop: box dmop_args rather than passing multiple parameters around
Next by Date: [Xen-changelog] [xen master] hvm/dmop: implement COPY_{TO, FROM}_GUEST_BUF() in terms of raw accessors
Previous by thread: [Xen-changelog] [xen master] hvm/dmop: box dmop_args rather than passing multiple parameters around
Next by thread: [Xen-changelog] [xen master] hvm/dmop: implement COPY_{TO, FROM}_GUEST_BUF() in terms of raw accessors
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.