[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 1/8] xen/guest_access: Harden copy_to_guest_offset to prevent const dest operand
Hi Jan,
On 01/04/2020 10:25, Jan Beulich wrote:
On 31.03.2020 21:13, Julien Grall wrote:
I am not aware of any way before C11 to check if a variable is
const or not. If we wanted to keep allow void type the handle
then a possible approach would be:
#define copy_to_guest_offset(hnd, off, ptr, nr) ({ \
const typeof(*(ptr)) *_s = (ptr); \
typeof(*((hnd).p)) *_d = (hnd).p; \
size_t mul = (sizeof(*(hnd).p) > 1) ? 1 : sizeof (*_s); \
((void)((hnd).p == (ptr))); \
raw_copy_to_guest(_d + (off) * mul, _s, sizeof(*_s)*(nr)); \
})
I don't particularly like it but I could not come up with better so far.
Having looked at how in particular copy_field_to_guest() (which
doesn't have this issue afaict) works, here's an imo much better
alternative:
@@ -87,6 +87,7 @@
#define copy_to_guest_offset(hnd, off, ptr, nr) ({ \
const typeof(*(ptr)) *_s = (ptr); \
char (*_d)[sizeof(*_s)] = (void *)(hnd).p; \
+ void *__maybe_unused _t = (hnd).p; \
((void)((hnd).p == (ptr))); \
raw_copy_to_guest(_d+(off), _s, sizeof(*_s)*(nr)); \
})
@@ -143,6 +144,7 @@ static inline void put_guest_handle(void
#define __copy_to_guest_offset(hnd, off, ptr, nr) ({ \
const typeof(*(ptr)) *_s = (ptr); \
char (*_d)[sizeof(*_s)] = (void *)(hnd).p; \
+ void *__maybe_unused _t = (hnd).p; \
((void)((hnd).p == (ptr))); \
__raw_copy_to_guest(_d+(off), _s, sizeof(*_s)*(nr));\
})
I actually thought about this one but discarded it because it was using
unused variable. But I am happy with it, I will have a look to respin
the patch.
Cheers,
--
Julien Grall
|
