Re: [PATCH 1/8] xen/guest_access: Harden copy_to_guest_offset to prevent const dest operand
Hi Jan,

On 01/04/2020 10:25, Jan Beulich wrote:
> On 31.03.2020 21:13, Julien Grall wrote:
>> I am not aware of any way before C11 to check if a variable is const or not.
>>
>> If we wanted to keep allowing void type for the handle, then a possible approach would be:
>>
>> #define copy_to_guest_offset(hnd, off, ptr, nr) ({                  \
>>     const typeof(*(ptr)) *_s = (ptr);                               \
>>     typeof(*((hnd).p)) *_d = (hnd).p;                               \
>>     size_t mul = (sizeof(*(hnd).p) > 1) ? 1 : sizeof (*_s);         \
>>     ((void)((hnd).p == (ptr)));                                     \
>>     raw_copy_to_guest(_d + (off) * mul, _s, sizeof(*_s)*(nr));      \
>> })
>>
>> I don't particularly like it but I could not come up with better so far.
>
> Having looked at how in particular copy_field_to_guest() (which doesn't have this issue afaict) works, here's an imo much better alternative:
>
> @@ -87,6 +87,7 @@ #define copy_to_guest_offset(hnd, off, ptr, nr) ({ \ const typeof(*(ptr)) *_s = (ptr); \ char (*_d)[sizeof(*_s)] = (void *)(hnd).p; \ + void *__maybe_unused _t = (hnd).p; \ ((void)((hnd).p == (ptr))); \ raw_copy_to_guest(_d+(off), _s, sizeof(*_s)*(nr)); \ }) @@ -143,6 +144,7 @@ static inline void put_guest_handle(void #define __copy_to_guest_offset(hnd, off, ptr, nr) ({ \ const typeof(*(ptr)) *_s = (ptr); \ char (*_d)[sizeof(*_s)] = (void *)(hnd).p; \ + void *__maybe_unused _t = (hnd).p; \ ((void)((hnd).p == (ptr))); \ __raw_copy_to_guest(_d+(off), _s, sizeof(*_s)*(nr));\ })

I actually thought about this one but discarded it because it was using an unused variable. But I am happy with it, I will have a look to respin the patch.

Cheers,

-- 
Julien Grall
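Review bot: The added `_t` initializer in copy_to_guest_offset() carries no comment saying that it exists only to make the compiler complain when `(hnd).p` points to const data, so it reads like dead code next to the `_d` line, which takes the same pointer through a `(void *)` cast and therefore hides the qualifier. Please add a one-line comment above it so nobody later removes it as unused or "fixes" it with a cast, and note in the commit message that the check is a discarded-qualifier diagnostic, which only stops the build where that warning is treated as an error.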
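Review bot: In __copy_to_guest_offset() the new `_t` line is a verbatim copy of the one added to copy_to_guest_offset(), so the const check now lives in two macros that can drift apart. Consider a small shared helper macro for the check, and confirm whether any other copy-to-guest macro in this header initializes its destination through `(void *)(hnd).p` and needs the same line; the mail only states that copy_field_to_guest() is unaffected.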
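The const-destination check discussed in this thread, as an added example that is not part of the original messages or of Xen's code: it keeps the shape of the copy macro and uses C11 `_Generic`, which the thread only alludes to, to classify the handle's pointee. The names `handle_int`, `handle_const_int`, `raw_copy`, `POINTEE_IS_CONST` and `copy_to_handle_offset` are hypothetical stand-ins, and the buffers are constructed sample data.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-ins (assumptions): a handle is a struct wrapping a pointer,
 * and raw_copy() replaces raw_copy_to_guest(), returning bytes NOT copied. */
typedef struct { int *p; } handle_int;
typedef struct { const int *p; } handle_const_int;

static unsigned long raw_copy(void *to, const void *from, size_t len)
{
    memcpy(to, from, len);
    return 0;
}

/* C11: `1 ? p : (void *)p` has type `const void *` when p points to a
 * const-qualified type and `void *` otherwise; _Generic selects on that. */
#define POINTEE_IS_CONST(p) \
    _Generic(1 ? (p) : (void *)(p), const void *: 1, void *: 0)

/* Same shape as the macro in the thread, with the check as a static assert. */
#define copy_to_handle_offset(hnd, off, ptr, nr) ({                       \
    const __typeof__(*(ptr)) *_s = (ptr);                                 \
    char (*_d)[sizeof(*_s)] = (void *)(hnd).p;                            \
    _Static_assert(!POINTEE_IS_CONST((hnd).p), "handle is read-only");    \
    ((void)((hnd).p == (ptr)));                                           \
    raw_copy(_d + (off), _s, sizeof(*_s) * (nr));                         \
})

/* Writes two ints at element offset 1 of a constructed buffer. */
static int demo_copy(void)
{
    int guest_buf[4] = { 0, 0, 0, 0 };
    int src[2] = { 7, 9 };
    handle_int h = { guest_buf };

    if (copy_to_handle_offset(h, 1, src, 2) != 0 || POINTEE_IS_CONST(h.p))
        return -1;
    return guest_buf[1] * 10 + guest_buf[2];
}

/* A const handle is classified as read-only; passing it to the copy macro
 * (commented out below) stops the build at the _Static_assert. */
static int const_handle_detected(void)
{
    static const int ro[4] = { 1, 2, 3, 4 };
    handle_const_int ch = { ro };

    /* copy_to_handle_offset(ch, 0, ro, 1); */
    return POINTEE_IS_CONST(ch.p);
}
```

Unlike the `void *_t` initializer, the static assertion fails the build regardless of warning settings, at the cost of requiring C11 and the GNU statement-expression and `__typeof__` extensions.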