On Thu, Jan 10, 2019 at 1:41 PM Eric Chanudet <eric.chanu...@gmail.com> wrote:
>
> On 06/01/19 at 11:42pm, Christopher Clark wrote:
> >+memcpy_to_guest_ring(struct argo_ring_info *ring_info, uint32_t offset,
> >+ const void *src, XEN_GUEST_HANDLE(uint8_t) src_hnd,
> >+ uint32_t len)
> >+{
> >+ unsigned int mfns_index = offset >> PAGE_SHIFT;
> >+ void *dst;
> >+ int ret;
> >+ unsigned int src_offset = 0;
> >+
> >+ ASSERT(spin_is_locked(&ring_info->lock));
> >+
> >+ offset &= ~PAGE_MASK;
> >+
> >+ if ( (len > XEN_ARGO_MAX_RING_SIZE) || (offset >
> >XEN_ARGO_MAX_RING_SIZE) )
> >+ return -EFAULT;
> With offset < PAGE_SIZE with the previous mask, shouldn't the sanity
> check be:
> if (len + offset > XEN_ARGO_MAX_RING_SIZE)
Yes, that's correct - thanks.
I'll switch the len and offset arguments to unsigned int while at it.
Christopher
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
