[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen master] memory: don't depend on guest_handle_subrange_okay() implementation details

commit 3b537c692361579b1c4e4108fc497dae8d0dcd86
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Thu Jun 6 16:03:10 2019 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Thu Jun 6 16:03:10 2019 +0200

    memory: don't depend on guest_handle_subrange_okay() implementation details
    
    guest_handle_subrange_okay() takes inclusive first and last parameters,
    i.e. checks that [first, last] is valid. Many callers, however, actually
    need to see whether [first, limit) is valid (i.e., limit is non-
    inclusive), and to do this they subtract 1 from the size. This is
    normally correct, except in cases where first == limit, in which case
    guest_handle_subrange_okay() will be passed a second parameter less than
    its first.
    
    As it happens, due to the way the math is implemented in x86's
    guest_handle_subrange_okay(), the return value turns out to be correct;
    but we shouldnÂ?t rely on this behavior.
    
    Make sure all callers handle first == limit explicitly before calling
    guest_handle_subrange_okay().
    
    Note that the other uses (increase-reservation, populate-physmap, and
    decrease-reservation) are already fine due to a suitable check in
    do_memory_op().
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Reviewed-by: George Dunlap <george.dunlap@xxxxxxxxxx>
---
 xen/common/memory.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/xen/common/memory.c b/xen/common/memory.c
index 520d6f4803..b8be19a890 100644
--- a/xen/common/memory.c
+++ b/xen/common/memory.c
@@ -541,6 +541,9 @@ static long 
memory_exchange(XEN_GUEST_HANDLE_PARAM(xen_memory_exchange_t) arg)
         goto fail_early;
     }
 
+    if ( exch.nr_exchanged == exch.in.nr_extents )
+        return 0;
+
     if ( !guest_handle_subrange_okay(exch.in.extent_start, exch.nr_exchanged,
                                      exch.in.nr_extents - 1) )
     {
@@ -866,9 +869,12 @@ static int xenmem_add_to_physmap_batch(struct domain *d,
                                        struct xen_add_to_physmap_batch *xatpb,
                                        unsigned int extent)
 {
-    if ( xatpb->size < extent )
+    if ( unlikely(xatpb->size < extent) )
         return -EILSEQ;
 
+    if ( unlikely(xatpb->size == extent) )
+        return extent ? -EILSEQ : 0;
+
     if ( !guest_handle_subrange_okay(xatpb->idxs, extent, xatpb->size - 1) ||
          !guest_handle_subrange_okay(xatpb->gpfns, extent, xatpb->size - 1) ||
          !guest_handle_subrange_okay(xatpb->errs, extent, xatpb->size - 1) )
--
generated by git-patchbot for /home/xen/git/xen.git#master


_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.