[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen staging] gnttab: check handle early in gnttab_get_status_frames()



commit 0c229e6c9fb1fef776a423dfcbbbe6b67122d7a6
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Tue Sep 7 09:36:20 2021 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Tue Sep 7 09:36:20 2021 +0200

    gnttab: check handle early in gnttab_get_status_frames()
    
    Like done in gnttab_setup_table(), check the handle once early in the
    function and use the lighter-weight (for PV) copying function in the
    loop.
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Reviewed-by: Julien Grall <jgrall@xxxxxxxxxx>
---
 xen/common/grant_table.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c
index 2d6f38cd8c..da687acc61 100644
--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -3229,6 +3229,9 @@ 
gnttab_get_status_frames(XEN_GUEST_HANDLE_PARAM(gnttab_get_status_frames_t) uop,
         return -EFAULT;
     }
 
+    if ( !guest_handle_okay(op.frame_list, op.nr_frames) )
+        return -EFAULT;
+
     d = rcu_lock_domain_by_any_id(op.dom);
     if ( d == NULL )
     {
@@ -3269,7 +3272,7 @@ 
gnttab_get_status_frames(XEN_GUEST_HANDLE_PARAM(gnttab_get_status_frames_t) uop,
     for ( i = 0; i < op.nr_frames; i++ )
     {
         gmfn = gfn_x(gnttab_status_gfn(d, gt, i));
-        if ( copy_to_guest_offset(op.frame_list, i, &gmfn, 1) )
+        if ( __copy_to_guest_offset(op.frame_list, i, &gmfn, 1) )
             op.status = GNTST_bad_virt_addr;
     }
 
--
generated by git-patchbot for /home/xen/git/xen.git#staging



 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.