On 21.08.2025 17:25, Teddy Astie wrote:
> do_poll takes sched_poll* as parameter, but that's actually in guest memory
> (so it's more a guest handle).
No, it's not, or else ...
> --- a/xen/common/sched/core.c
> +++ b/xen/common/sched/core.c
> @@ -1437,21 +1437,13 @@ static void vcpu_block_enable_events(void)
> vcpu_block();
> }
>
> -static long do_poll(const struct sched_poll *sched_poll)
> +static long vcpu_poll(unsigned int nr_ports, uint64_t timeout, evtchn_port_t
> *ports)
> {
> struct vcpu *v = current;
> struct domain *d = v->domain;
> - evtchn_port_t port = 0;
> long rc;
> unsigned int i;
>
> - /* Fairly arbitrary limit. */
> - if ( sched_poll->nr_ports > 128 )
... this access would be a security issue. The handle is ...
> - return -EINVAL;
> -
> - if ( !guest_handle_okay(sched_poll->ports, sched_poll->nr_ports) )
... seen here, the ->ports member.
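Review bot: the hunk drops both the `nr_ports > 128` bound and the `guest_handle_okay(sched_poll->ports, sched_poll->nr_ports)` check from the function body, while the new `vcpu_poll(unsigned int nr_ports, uint64_t timeout, evtchn_port_t *ports)` signature gives no indication of where those checks now live or which caller is responsible for them. If they are meant to move to the caller that unpacks `struct sched_poll`, that caller should be part of this patch or the description should say so explicitly; otherwise the refactoring silently widens what a guest-supplied `nr_ports`/`ports` pair is allowed to reach.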
Here as well as for patch 1 and 3 what is entirely lacking from the description
is the mentioning of why the change is actually going to be useful.
Jan