[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v21 1/2] common: add a new mappable resource type: XENMEM_resource_grant_table

To: "Andrew Cooper" <andrew.cooper3@xxxxxxxxxx>, "Paul Durrant" <paul.durrant@xxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Wed, 08 Aug 2018 04:47:11 -0600
Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
Delivery-date: Wed, 08 Aug 2018 10:47:18 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

>>> On 08.08.18 at 12:10, <andrew.cooper3@xxxxxxxxxx> wrote:
> On 08/08/18 10:00, Paul Durrant wrote:
>> +static int gnttab_get_status_frame_mfn(struct domain *d,
>> +                                       unsigned long idx, mfn_t *mfn)
>> +{
>> +    struct grant_table *gt = d->grant_table;
>> +
>> +    ASSERT(gt->gt_version == 2);
>> +
>> +    if ( idx >= nr_status_frames(gt) )
>> +    {
>> +        unsigned long nr = status_to_grant_frames(idx + 1);
> 
> Why the +1 ? Won't that cause a failure if you attempt to map the
> maximum valid index?

That's the normal index-of-something to count-of-something
conversion (or else the table may get grown by too little). I've
instead been considering the badness of overflow here, but
decided to leave it uncommented as the check further down
would at least not make this insecure. However, with ...

>> +
>> +        if ( nr <= gt->max_grant_frames )
>> +            gnttab_grow_table(d, nr);
> 
> You want to capture the return value of grow_table(), which at least
> distinguishes between ENODEV and ENOMEM.
> 
>> +
>> +        if ( idx >= nr_status_frames(gt) )
>> +            return -EINVAL;
> 
> This can probably(?) be asserted if gnttab_grow_table() returns
> successfully.

... these two a potential overflow above would then have a
chance of triggering the assertion you suggest to add.

As to the grow_table() return value check - I'd prefer if the
patch here didn't alter original behavior. If we want it altered,
better in a separate patch.

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH v21 1/2] common: add a new mappable resource type: XENMEM_resource_grant_table
  - From: Paul Durrant

References:
- [Xen-devel] [PATCH v21 0/2] guest resource mapping (reprise)
  - From: Paul Durrant
- [Xen-devel] [PATCH v21 1/2] common: add a new mappable resource type: XENMEM_resource_grant_table
  - From: Paul Durrant
- Re: [Xen-devel] [PATCH v21 1/2] common: add a new mappable resource type: XENMEM_resource_grant_table
  - From: Andrew Cooper

Prev by Date: Re: [Xen-devel] [PATCH v21 1/2] common: add a new mappable resource type: XENMEM_resource_grant_table
Next by Date: Re: [Xen-devel] [PATCH v3] x86/hvm: remove default ioreq server
Previous by thread: Re: [Xen-devel] [PATCH v21 1/2] common: add a new mappable resource type: XENMEM_resource_grant_table
Next by thread: Re: [Xen-devel] [PATCH v21 1/2] common: add a new mappable resource type: XENMEM_resource_grant_table
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.