Le 13/05/2021 à 12:03, Juergen Gross a écrit :
Xen frontends shouldn't BUG() in case of illegal data received from
their backends. So replace the BUG_ON()s when reading illegal data from
the ring page with negative return values.

Signed-off-by: Juergen Gross <jgr...@suse.com>
---
  drivers/tty/hvc/hvc_xen.c | 15 +++++++++++++--
  1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/drivers/tty/hvc/hvc_xen.c b/drivers/tty/hvc/hvc_xen.c
index 92c9a476defc..30d7ffb1e04c 100644
--- a/drivers/tty/hvc/hvc_xen.c
+++ b/drivers/tty/hvc/hvc_xen.c
@@ -86,6 +86,11 @@ static int __write_console(struct xencons_info *xencons,
        cons = intf->out_cons;
        prod = intf->out_prod;
        mb();                   /* update queue values before going on */
+
+       if (WARN_ONCE((prod - cons) > sizeof(intf->out),
+                     "Illegal ring page indices"))
+               return -EINVAL;
+
        BUG_ON((prod - cons) > sizeof(intf->out));

Why keep the BUG_ON() ?


while ((sent < len) && ((prod - cons) < sizeof(intf->out)))
@@ -114,7 +119,10 @@ static int domU_write_console(uint32_t vtermno, const char 
*data, int len)
         */
        while (len) {
                int sent = __write_console(cons, data, len);
-               
+
+               if (sent < 0)
+                       return sent;
+
                data += sent;
                len -= sent;
@@ -138,7 +146,10 @@ static int domU_read_console(uint32_t vtermno, char *buf, int len)
        cons = intf->in_cons;
        prod = intf->in_prod;
        mb();                   /* get pointers before reading ring */
-       BUG_ON((prod - cons) > sizeof(intf->in));
+
+       if (WARN_ONCE((prod - cons) > sizeof(intf->in),
+                     "Illegal ring page indices"))
+               return -EINVAL;
while (cons != prod && recv < len)
                buf[recv++] = intf->in[MASK_XENCONS_IDX(cons++, intf->in)];


Reply via email to