From mboxrd@z Thu Jan  1 00:00:00 1970
From: Julien Grall <julien.grall@linaro.org>
Subject: Re: [PATCH v2] xen/arm: Correctly handle non-page
 aligned pointer in raw_copy_from_guest
Date: Tue, 18 Feb 2014 17:48:12 +0000
Message-ID: <53039CDC.6050209@linaro.org>
References: <1392742577-3052-1-git-send-email-julien.grall@linaro.org>
	<1392743412.23084.41.camel@kazak.uk.xensource.com>
	<1392745572.23084.66.camel@kazak.uk.xensource.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta5.messagelabs.com ([195.245.231.135])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <julien.grall@linaro.org>) id 1WFomK-00015X-US
	for xen-devel@lists.xenproject.org; Tue, 18 Feb 2014 17:48:21 +0000
Received: by mail-ea0-f177.google.com with SMTP id m10so5383922eaj.22
	for <xen-devel@lists.xenproject.org>;
	Tue, 18 Feb 2014 09:48:19 -0800 (PST)
In-Reply-To: <1392745572.23084.66.camel@kazak.uk.xensource.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Ian Campbell <Ian.Campbell@citrix.com>
Cc: xen-devel@lists.xenproject.org, tim@xen.org, George Dunlap <george.dunlap@citrix.com>, stefano.stabellini@citrix.com
List-Id: xen-devel@lists.xenproject.org

On 02/18/2014 05:46 PM, Ian Campbell wrote:
> On Tue, 2014-02-18 at 17:10 +0000, Ian Campbell wrote:
>> On Tue, 2014-02-18 at 16:56 +0000, Julien Grall wrote:
>>> The current implementation of raw_copy_guest helper may lead to data corruption
>>> and sometimes Xen crash when the guest virtual address is not aligned to
>>> PAGE_SIZE.
>>>
>>> When the total length is higher than a page, the length to read is badly
>>> compute with
>>>     min(len, (unsigned)(PAGE_SIZE - offset))
>>>
>>> As the offset is only computed one time per function, if the start address was
>>> not aligned to PAGE_SIZE, we can end up in same iteration:
>>>     - to read accross page boundary => xen crash
>>>     - read the previous page => data corruption
>>>
>>> This issue can be resolved by setting offset to 0 at the end of the first
>>> iteration. Indeed, after it, the virtual guest address is always aligned
>>> to PAGE_SIZE.
>>>
>>> Signed-off-by: Julien Grall <julien.grall@linaro.org>
>>
>> Acked-by: Ian Campbell <ian.campbell@citrix.com>
> 
> and applied.
> 
>>> +        /*
>>> +         * After the first iteration, guest virtual address is correctly
>>> +         * aligned to PAGE_SIZE.
>>> +         */
>>
>> I'd like to duplicate this comment in the other two places too -- if you
>> are OK with it I will do that as part of committing.
> 
> I did this.

Thanks! I didn't see this part on the previous message.

-- 
Julien Grall