From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ian Campbell Subject: Re: [PATCH] tools/libxc: Don't leave scratch_pfn uninitialised if the domain has no memory Date: Mon, 2 Feb 2015 15:26:37 +0000 Message-ID: <1422890797.5695.6.camel@citrix.com> References: <1422460355-16163-1-git-send-email-andrew.cooper3@citrix.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <1422460355-16163-1-git-send-email-andrew.cooper3@citrix.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Andrew Cooper Cc: Wei Liu , Julien Grall , Ian Jackson , Jan Beulich , Xen-devel List-Id: xen-devel@lists.xenproject.org On Wed, 2015-01-28 at 15:52 +0000, Andrew Cooper wrote: > c/s 5b5c40c0d1 "libxc: introduce a per architecture scratch pfn for temporary > grant mapping" accidentally an issue whereby there were two paths out of > xc_core_arch_get_scratch_gpfn() which returned 0, but only one of which > assigned a value to the gpfn parameter. > > xc_domain_maximum_gpfn() can validly return 0, at which point gpfn 1 is a > valid scratch page to use. > > In addition, widen rc before adding 1 and possibly overflowing. > > Signed-off-by: Andrew Cooper > CC: Julien Grall > CC: Jan Beulich > CC: Ian Campbell > CC: Ian Jackson > CC: Wei Liu Acked + applied, thanks.