[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 3/5] tmem: Check copy_to_user_* return value.

>>> On 25.11.13 at 18:00, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> wrote:

First of all, the title is wrong: You really mean copy_to_guest*().

> We weren't checking whether that operation fails and
> return the proper error.
> This fixes CID 1055125, 105512, 1055127, 1055128, 1055129,
> 1055130.

But if you're doing something like this, you should fix all instances,
not just some. Which would e.g. require
tmem_copy_to_client_buf_offset() to propagate the return value
of copy_to_guest_offset() (it's odd anyway that this one is an
inline function, while tmem_copy_to_client_buf() is a macro).

But then again I'm wondering what baseline your patch uses:

> --- a/xen/common/tmem.c
> +++ b/xen/common/tmem.c
> @@ -2146,8 +2146,12 @@ static int tmemc_list(domid_t cli_id, 
> tmem_cli_va_param_t buf, uint32_t len,
>      if ( cli_id == TMEM_CLI_ID_NULL ) {
>          off = tmemc_list_global(buf,0,len,use_long);
>          off += tmemc_list_shared(buf,off,len-off,use_long);

This isn't on line 2146 of today's staging tree, but on line 2239.

Hence looking at the individual changes may not make much sense,
as it's not clear whether there are other dependencies on earlier
changes here.


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.