On 07/12/2016 01:00, Jiandi An wrote:
> Error return code from xenmem_add_to_physmap_one() is not properly
> handled in xenmem_add_to_physmap_batch().  This causes do_memory_op()
> to return success to guest even though the underlying memory map fails.
>
> Signed-off-by: Jiandi An <anjia...@codeaurora.org>
> ---
>  xen/common/memory.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/xen/common/memory.c b/xen/common/memory.c
> index 21797ca..4e46258 100644
> --- a/xen/common/memory.c
> +++ b/xen/common/memory.c
> @@ -762,6 +762,8 @@ static int xenmem_add_to_physmap_batch(struct domain *d,
>          rc = xenmem_add_to_physmap_one(d, xatpb->space,
>                                         xatpb->u,
>                                         idx, _gfn(gpfn));
> +        if ( rc < 0 )
> +            goto out;
>  
>          if ( unlikely(__copy_to_guest_offset(xatpb->errs, 0, &rc, 1)) )
>          {
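
Review bot: the added `if ( rc < 0 ) goto out;` sits ahead of the `__copy_to_guest_offset(xatpb->errs, 0, &rc, 1)` call, so for a failing entry the error code is never copied into the guest's errs array even though the hypercall now reports failure overall. Do the copy first and act on rc afterwards, for example as an `else if ( rc < 0 )` branch on the existing `if ( unlikely(__copy_to_guest_offset(...)) )` block, so that the per-entry status and the return value agree. The commit message should also say what a caller will find in errs[] for the failing entry once the batch stops early.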

This can't be correct.  You now skip writing rc into the errs[] array on
a failure, which means that userspace will get an overall failure but an
errs[] array which said that nothing went wrong.

This code addition looks like it wants to be an "else if" on the end of
this if() in context.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
