[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Device model operation hypercall (DMOP, re qemu depriv)

On 12/09/16 15:32, Jan Beulich wrote:
>>>> On 09.09.16 at 17:16, <Jennifer.Herbert@xxxxxxxxxx> wrote:
>> The following code illustrates this idea:
>> typedef struct dm_op_buffer {
>>      XEN_GUEST_HANDLE(void) h;
>>      size_t len;
>> } dm_op_buffer_t;
> This implies that we'll lose all type safety on the handles passed, as
> is also emphasized by the use of raw_copy_from_guest() in the code
> outline further down.

This is an direct result of the requirement that the privcmd driver does
not know the types of the sub-ops themselves.  We can't have this
requirement and type safety.  Which do we want?

I would point out that Linux copy_from_user() and copy_to_user()
functions are not type safe and I'm not aware that this causes many


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.