Re: [Xen-devel] [PATCH] [v2] xen: hypercall: fix out-of-bounds memcpy
>>> On 05.02.18 at 16:03, <arnd@xxxxxxxx> wrote:
> int xen_event_channel_op_compat(int cmd, void *arg) > { > - struct evtchn_op op; > + struct evtchn_op op = { .cmd = cmd, }; > + size_t len; > int rc; > > - op.cmd = cmd; > - memcpy(&op.u, arg, sizeof(op.u)); > - rc = _hypercall1(int, event_channel_op_compat, &op); > - > - switch (cmd) { > - case EVTCHNOP_close: > - case EVTCHNOP_send: > - case EVTCHNOP_bind_vcpu: > - case EVTCHNOP_unmask: > - /* no output */ > - break; > + if (cmd > ARRAY_SIZE(evtchnop_len)) > + return -ENOSYS;

>= perhaps?

Jan
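Review bot: The bounds check `if (cmd > ARRAY_SIZE(evtchnop_len))` at the end of the quoted hunk still accepts `cmd == ARRAY_SIZE(evtchnop_len)`, which is one past the last valid index if `evtchnop_len` is indexed by `cmd` (the lookup itself is not in the quoted lines); changing the comparison to `>=` closes that. Since `cmd` is a signed `int`, a negative value is rejected only implicitly, through conversion to the unsigned type of `ARRAY_SIZE()`; an explicit `cmd < 0` test, or a short comment saying the conversion is relied on, would make that visible to the next reader.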