|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v2 4/6] x86/xstate: Fix latent bugs in expand_xsave_states()
On 13/09/16 09:23, Jan Beulich wrote:
>>>> On 12.09.16 at 18:21, <andrew.cooper3@xxxxxxxxxx> wrote:
>> Without checking the size input, the memcpy() for the uncompressed path might
>> read off the end of the vcpu's xsave_area. Both callers pass the approprite
>> size, so hold them to it with a BUG_ON().
>>
>> The compressed path is currently dead code, but its attempt to avoid leaking
>> uninitalised data was incomplete. Work around this by zeroing the whole rest
>> of the buffer before decompression.
>>
>> The loop skips all bits which aren't set in xstate_bv, meaning that the
>> memset() was dead code. The logic is more obvious with get_xsave_addr()
>> expanded inline, allowing for quite a lot of simplification, including all
>> the
>> NULL pointer logic.
>>
>> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> Reviewed-by: Jan Beulich <JBeulich@xxxxxxxx>
> with one suggestion:
>
>> void expand_xsave_states(struct vcpu *v, void *dest, unsigned int size)
>> {
>> struct xsave_struct *xsave = v->arch.xsave_area;
>> + const void *src;
> I think with the addition of this variable and the removal of the use of
> get_xsave_addr() "xsave" can now also be const.
So it can. Done.
~Andrew
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |