ia64/xen-unstable

changeset 2654:05c503f1fe35

bitkeeper revision 1.1159.113.5 (4173ddb2BchxLpqw2qoKi9rPhxXElA)

added error checking for copying dirty bitmap in PEEK and CLEAN shadow ops
author cwc22@centipede.cl.cam.ac.uk
date Mon Oct 18 15:13:54 2004 +0000 (2004-10-18)
parents 6ca032e0b814
children 1214770ada19
files BitKeeper/etc/logging_ok xen/arch/x86/shadow.c
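--- a/BitKeeper/etc/logging_ok	Mon Oct 18 14:38:09 2004 +0000
+++ b/BitKeeper/etc/logging_ok	Mon Oct 18 15:13:54 2004 +0000
@@ -11,6 +11,7 @@ br260@labyrinth.cl.cam.ac.uk
 br260@laudney.cl.cam.ac.uk
 cl349@freefall.cl.cam.ac.uk
 cl349@labyrinth.cl.cam.ac.uk
+cwc22@centipede.cl.cam.ac.uk
 djm@kirby.fc.hp.com
 gm281@boulderdash.cl.cam.ac.uk
 gm281@tetrapod.cl.cam.ac.uk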
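--- a/xen/arch/x86/shadow.c	Mon Oct 18 14:38:09 2004 +0000
+++ b/xen/arch/x86/shadow.c	Mon Oct 18 15:13:54 2004 +0000
@@ -295,11 +295,20 @@ static int shadow_mode_table_op(
             int bytes = ((((d->max_pages - i) > chunk) ?
                           chunk : (d->max_pages - i)) + 7) / 8;
      
-            copy_to_user(
-                sc->dirty_bitmap + (i/(8*sizeof(unsigned long))),
-                m->shadow_dirty_bitmap +(i/(8*sizeof(unsigned long))),
-                bytes);
-     
+            if (copy_to_user(
+                    sc->dirty_bitmap + (i/(8*sizeof(unsigned long))),
+                    m->shadow_dirty_bitmap +(i/(8*sizeof(unsigned long))),
+                    bytes))
+            {
+                // copy_to_user can fail when copying to guest app memory.
+                // app should zero buffer after mallocing, and pin it
+                rc = -EINVAL;
+                memset(
+                    m->shadow_dirty_bitmap + (i/(8*sizeof(unsigned long))),
+                    0, (d->max_pages/8) - (i/(8*sizeof(unsigned long))));
+                break;
+            }
+
             memset(
                 m->shadow_dirty_bitmap + (i/(8*sizeof(unsigned long))),
                 0, bytes);
@@ -322,8 +331,12 @@ static int shadow_mode_table_op(
         }
  
         sc->pages = d->max_pages;
-        copy_to_user(
-            sc->dirty_bitmap, m->shadow_dirty_bitmap, (d->max_pages+7)/8);
+        if (copy_to_user(
+            sc->dirty_bitmap, m->shadow_dirty_bitmap, (d->max_pages+7)/8))
+        {
+            rc = -EINVAL;
+            break;
+        }
 
         break;
 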
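Review bot: The memset length in the new copy_to_user failure path of the first hunk mixes units: `d->max_pages/8` is a byte count, while `i/(8*sizeof(unsigned long))` is the word index used for the pointer offset, so for any `i > 0` the length is larger than the bytes remaining after the start pointer. Assuming `shadow_dirty_bitmap` is an `unsigned long *` sized for `max_pages` bits (its declaration is not in the hunk), this zeroes hypervisor memory past the end of the bitmap whenever the copy of a later chunk fails; the length should be `((d->max_pages + 7) / 8) - (i / 8)`. Both failure paths also return `-EINVAL`, where `-EFAULT` is the conventional code for a faulting user copy, and in the second hunk `sc->pages` is written before the copy is checked, so a failed call still reports a page count. shadow_mode_table_op starts and ends outside the visible hunks, so the initial value of `rc` and the handling after `break` should be confirmed against the full function.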