On 06/01/19 at 11:42pm, Christopher Clark wrote:
+memcpy_to_guest_ring(struct argo_ring_info *ring_info, uint32_t offset,
+                     const void *src, XEN_GUEST_HANDLE(uint8_t) src_hnd,
+                     uint32_t len)
+{
+    unsigned int mfns_index = offset >> PAGE_SHIFT;
+    void *dst;
+    int ret;
+    unsigned int src_offset = 0;
+
+    ASSERT(spin_is_locked(&ring_info->lock));
+
+    offset &= ~PAGE_MASK;
+
+    if ( (len > XEN_ARGO_MAX_RING_SIZE) || (offset > XEN_ARGO_MAX_RING_SIZE) )
+        return -EFAULT;
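Review bot: The bounds check on `offset` runs after `offset &= ~PAGE_MASK;`, so it tests only the in-page remainder, not the ring offset the caller passed in. With Xen's PAGE_MASK definition that remainder is always below PAGE_SIZE, so `offset > XEN_ARGO_MAX_RING_SIZE` cannot reject an out-of-range ring offset. `mfns_index` is derived from the unmasked offset, and nothing in these lines bounds it. `len` and `offset` are also tested separately, so a copy that starts in range and runs past the limit passes. Consider validating the original offset before masking and checking the pair together in a form that cannot wrap for uint32_t, for example `len > XEN_ARGO_MAX_RING_SIZE || offset > XEN_ARGO_MAX_RING_SIZE - len`.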
With offset < PAGE_SIZE with the previous mask, shouldn't the sanity
check be:
   if (len + offset > XEN_ARGO_MAX_RING_SIZE)

--
Eric Chanudet
