From mboxrd@z Thu Jan  1 00:00:00 1970
From: Andrew Cooper <andrew.cooper3@citrix.com>
Subject: Re: [BUGFIX][PATCH 3/4] hvm_save_one: return correct
 data.
Date: Sun, 22 Dec 2013 21:13:23 +0000
Message-ID: <52B755F3.2040605@citrix.com>
References: <1386809777-12898-1-git-send-email-dslutz@terremark.com>
	<1386809777-12898-4-git-send-email-dslutz@terremark.com>
	<52AB25B4020000780010D0B0@nat28.tlf.novell.com>
	<52ACF7CE.9030904@terremark.com> <52ADDE15.8010408@citrix.com>
	<52AEC522020000780010D7BE@nat28.tlf.novell.com>
	<52AF3D91.6000809@terremark.com> <52AF4776.9000303@citrix.com>
	<52B7401A.5070809@terremark.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta4.messagelabs.com ([85.158.143.247])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <Andrew.Cooper3@citrix.com>) id 1VuqLC-00086N-AT
	for xen-devel@lists.xenproject.org; Sun, 22 Dec 2013 21:13:38 +0000
In-Reply-To: <52B7401A.5070809@terremark.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Don Slutz <dslutz@verizon.com>
Cc: Keir Fraser <keir@xen.org>, Ian Campbell <ian.campbell@citrix.com>, Stefano Stabellini <stefano.stabellini@eu.citrix.com>, Ian Jackson <ian.jackson@eu.citrix.com>, Jan Beulich <JBeulich@suse.com>, xen-devel <xen-devel@lists.xenproject.org>
List-Id: xen-devel@lists.xenproject.org

On 22/12/2013 19:40, Don Slutz wrote:
> On 12/16/13 13:33, Andrew Cooper wrote:
>
> Not sure why it took till late 12/21 for me to get this e-mail.
>
>> On 16/12/2013 17:51, Don Slutz wrote:
>>> On 12/16/13 03:17, Jan Beulich wrote:
>>>>>>> On 15.12.13 at 17:51, Andrew Cooper <andrew.cooper3@citrix.com>
>>>>>>> wrote:
>>>>> On 15/12/2013 00:29, Don Slutz wrote:
> [snip]
>> Your loop condition needs to change be "off < (ctxt.cur -
>> sizeof(*desc))" otherwise the "off +=  sizeof(*desc)" can wander beyond
>> ctxt.cur in the loop body.  You also need to verify that the
>> copy_to_guest doesn't exceed ctxt.cur.
> fixed.
>> Stylistically, "desc = (void *)ctxt.data + off;" needs to be "desc =
>> (void *)(ctxt.data + off);" as the latter is standards compliment C
>> while the former is UB which GCC has an extension to deal with sensibly.
> fixed.
>> Also you have a double space before sizeof in "off +=  sizeof(*desc);"
> Fixed.  Version 4 attached.
>> ~Andrew
>>
>    -Don Slutz

Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>