On 2015/6/15 23:01, Wei Liu wrote:
On Mon, Jun 15, 2015 at 09:50:49AM +0800, Chen, Tiejun wrote: [...]+ uint32_t flag, + uint16_t seg, + uint8_t bus, + uint8_t devfn, + unsigned int *nr_entries) +{ + struct xen_reserved_device_memory *xrdm; + int rc; + + rc = xc_reserved_device_memory_map(CTX->xch, flag, seg, bus, devfn, + NULL, nr_entries);xc_reserved_device_memory_map dereferences nr_entries. You need to make sure there is no garbage value in nr_entries. I.e. you need to initialise nr_entries to 0 before passing it in.Sure, so what about this? /* * We really can't presume how many entries we can get in advance. */ if (*nr_entries) *nr_entries = 0;You might just unconditionally set *nr_entries to 0.
Okay. Thanks Tiejun _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
