Re: [Xen-devel] [PATCH v5 6/8] xen/arm: introduce GNTTABOP_cache_flush

["Jan Beulich" <JBeulich@xxxxxxxx>]

>>> On 13.10.14 at 16:58, <stefano.stabellini@xxxxxxxxxxxxx> wrote:
> +static bool_t grant_map_exists(const struct domain *ld,
> +                        struct grant_table *rgt,
> +                        unsigned long mfn)
> +{
> +    const struct active_grant_entry *act;
> +    grant_ref_t ref;
> +
> +    ASSERT(spin_is_locked(&rgt->lock));
> +
> +    for ( ref = 0; ref != nr_grant_entries(rgt); ref++ )

Unless I overlooked something here or in an earlier patch I think
you're _still_ not enforcing a suitably low upper limit on the
variable that controls the maximum iteration count here. Whether
you enforce this the hard way (by just capping an eventual
command line specified value) or the soft way (by issuing a
warning that such a setting may hamper security, plus
documenting the supported value range) is up to you.

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel