From: Arun Sharma
Subject: [PATCH][10/10] Use copy_from_user when accessing guest_pt[]
Date: Wed, 29 Jun 2005 22:53:29 -0700
Message-ID: <20050630055329.GA7509@intel.com>
To: Ian Pratt, Keir Fraser
Cc: xen-devel@lists.xensource.com
List-Id: xen-devel@lists.xenproject.org

Use copy_from_user when accessing guest_pt[]

Signed-off-by: Arun Sharma

diff -r 2d289d7ab961 -r d0eccea63a24 xen/arch/x86/shadow.c --- a/xen/arch/x86/shadow.c Thu Jun 30 05:26:09 2005 +++ b/xen/arch/x86/shadow.c Thu Jun 30 05:26:24 2005 @@ -1906,7 +1906,7 @@ unsigned long gpfn, unsigned index) { unsigned long smfn = __shadow_status(d, gpfn, PGT_snapshot); - l1_pgentry_t *snapshot; // could be L1s or L2s or ... + l1_pgentry_t *snapshot, gpte; // could be L1s or L2s or ... int entries_match; perfc_incrc(snapshot_entry_matches_calls); @@ -1916,10 +1916,14 @@ snapshot = map_domain_page(smfn); + if (__copy_from_user(&gpte, &guest_pt[index], + sizeof(gpte))) + return 0; + // This could probably be smarter, but this is sufficent for // our current needs. // - entries_match = !l1e_has_changed(guest_pt[index], snapshot[index], + entries_match = !l1e_has_changed(gpte, snapshot[index], PAGE_FLAG_MASK); unmap_domain_page(snapshot);
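
Review bot: in the first hunk (@@ -1906), adding `gpte` to the `l1_pgentry_t *snapshot` declaration leaves the trailing comment "could be L1s or L2s or ..." attached to a line that now declares both a pointer and a by-value entry. Declare `l1_pgentry_t gpte;` on its own line so the comment still refers only to `snapshot` and the value copy of the guest entry is easy to spot.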
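
Review bot: the early `return 0` in the second hunk (@@ -1916) sits after `snapshot = map_domain_page(smfn)` and so skips the `unmap_domain_page(snapshot)` at the end of the function, leaving the snapshot mapping in place every time the read of `guest_pt[index]` faults. Move the `__copy_from_user` above the `map_domain_page` call, or unmap before returning. A short comment on why a fault is reported as "entries do not match" (return 0), and on why the unchecked `__copy_from_user` variant is acceptable for this address, would also help the next reader.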