On Mon, Jun 15, 2015 at 09:50:49AM +0800, Chen, Tiejun wrote: [...] > >>+ uint32_t flag, > >>+ uint16_t seg, > >>+ uint8_t bus, > >>+ uint8_t devfn, > >>+ unsigned int *nr_entries) > >>+{ > >>+ struct xen_reserved_device_memory *xrdm; > >>+ int rc; > >>+ > >>+ rc = xc_reserved_device_memory_map(CTX->xch, flag, seg, bus, devfn, > >>+ NULL, nr_entries); > > > >xc_reserved_device_memory_map dereferences nr_entries. You need to make > >sure there is no garbage value in nr_entries. I.e. you need to > >initialise nr_entries to 0 before passing it in. > > Sure, so what about this? > > /* > * We really can't presume how many entries we can get in advance. > */ > if (*nr_entries) > *nr_entries = 0; >
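Review bot: In the call to xc_reserved_device_memory_map() that passes NULL as the buffer, nr_entries is forwarded straight from the caller, so the count that gets dereferenced is whatever the caller left there; assign `*nr_entries = 0;` immediately before the call. The proposed `if (*nr_entries)` guard should be dropped, since it reads the same possibly uninitialised value and a plain assignment covers both cases. If nr_entries is meant as an output only, a one-line comment on the parameter saying so would keep callers from expecting their input value to be honoured.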
You might just unconditionally set *nr_entries to 0.

Wei.