From mboxrd@z Thu Jan 1 00:00:00 1970 From: Julien Grall Subject: [PATCH v2 02/21] xen: guestcopy: Provide an helper to safely copy string from guest Date: Thu, 31 Jul 2014 16:00:33 +0100 Message-ID: <1406818852-31856-3-git-send-email-julien.grall@linaro.org> References: <1406818852-31856-1-git-send-email-julien.grall@linaro.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1XCrqr-0000TE-Hu for xen-devel@lists.xenproject.org; Thu, 31 Jul 2014 15:01:05 +0000 Received: by mail-wg0-f49.google.com with SMTP id k14so2877780wgh.20 for ; Thu, 31 Jul 2014 08:01:02 -0700 (PDT) In-Reply-To: <1406818852-31856-1-git-send-email-julien.grall@linaro.org> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: xen-devel@lists.xenproject.org Cc: Keir Fraser , ian.campbell@citrix.com, tim@xen.org, Julien Grall , Ian Jackson , stefano.stabellini@citrix.com, Jan Beulich , Daniel De Graaf List-Id: xen-devel@lists.xenproject.org Flask code already provides an helper to copy a string from guest. In a later patch, the new DT hypercalls will need a similar function. To avoid code duplication, copy the flask helper (flask_copying_string) to common code: - Rename into safe_copy_string_from_guest - Update arguments. The size provided by the hypercall is unsigned not signed - Add comment to explain the extra +1 Signed-off-by: Julien Grall Cc: Daniel De Graaf Cc: Ian Campbell Cc: Ian Jackson Cc: Jan Beulich Cc: Keir Fraser Cc: Tim Deegan --- Changes in v2: - Rename copy_string_from_guest into safe_copy_string_from_guest - Update commit message and comment in the code --- xen/common/Makefile | 1 + xen/common/guestcopy.c | 29 +++++++++++++++++++++++++++++ xen/include/xen/guest_access.h | 5 +++++ xen/xsm/flask/flask_op.c | 29 +++-------------------------- 4 files changed, 38 insertions(+), 26 deletions(-) create mode 100644 xen/common/guestcopy.c diff --git a/xen/common/Makefile b/xen/common/Makefile index 3683ae3..627b6e3 100644 --- a/xen/common/Makefile +++ b/xen/common/Makefile @@ -9,6 +9,7 @@ obj-y += event_2l.o obj-y += event_channel.o obj-y += event_fifo.o obj-y += grant_table.o +obj-y += guestcopy.o obj-y += irq.o obj-y += kernel.o obj-y += keyhandler.o diff --git a/xen/common/guestcopy.c b/xen/common/guestcopy.c new file mode 100644 index 0000000..c01555c --- /dev/null +++ b/xen/common/guestcopy.c @@ -0,0 +1,29 @@ +#include +#include +#include + +/* The function copies a string from the guest and add a NUL-terminated to + * make sure the string is correctly finished. */ +int safe_copy_string_from_guest(XEN_GUEST_HANDLE(char) u_buf, char **buf, + unsigned long size, unsigned long max_size) +{ + char *tmp; + + if ( size > max_size ) + return -ENOENT; + + /* Add an extra +1 to append \0 */ + tmp = xmalloc_array(char, size + 1); + if ( !tmp ) + return -ENOMEM; + + if ( copy_from_guest(tmp, u_buf, size) ) + { + xfree(tmp); + return -EFAULT; + } + tmp[size] = 0; + + *buf = tmp; + return 0; +} diff --git a/xen/include/xen/guest_access.h b/xen/include/xen/guest_access.h index 373454e..4c669ad 100644 --- a/xen/include/xen/guest_access.h +++ b/xen/include/xen/guest_access.h @@ -8,6 +8,8 @@ #define __XEN_GUEST_ACCESS_H__ #include +#include +#include #define copy_to_guest(hnd, ptr, nr) \ copy_to_guest_offset(hnd, 0, ptr, nr) @@ -27,4 +29,7 @@ #define __clear_guest(hnd, nr) \ __clear_guest_offset(hnd, 0, nr) +int safe_copy_string_from_guest(XEN_GUEST_HANDLE(char) u_buf, char **buf, + unsigned long size, unsigned long max_size); + #endif /* __XEN_GUEST_ACCESS_H__ */ diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c index 7743aac..840a635 100644 --- a/xen/xsm/flask/flask_op.c +++ b/xen/xsm/flask/flask_op.c @@ -76,29 +76,6 @@ static int domain_has_security(struct domain *d, u32 perms) perms, NULL); } -static int flask_copyin_string(XEN_GUEST_HANDLE(char) u_buf, char **buf, - size_t size, size_t max_size) -{ - char *tmp; - - if ( size > max_size ) - return -ENOENT; - - tmp = xmalloc_array(char, size + 1); - if ( !tmp ) - return -ENOMEM; - - if ( copy_from_guest(tmp, u_buf, size) ) - { - xfree(tmp); - return -EFAULT; - } - tmp[size] = 0; - - *buf = tmp; - return 0; -} - #endif /* COMPAT */ static int flask_security_user(struct xen_flask_userlist *arg) @@ -112,7 +89,7 @@ static int flask_security_user(struct xen_flask_userlist *arg) if ( rv ) return rv; - rv = flask_copyin_string(arg->u.user, &user, arg->size, PAGE_SIZE); + rv = safe_copy_string_from_guest(arg->u.user, &user, arg->size, PAGE_SIZE); if ( rv ) return rv; @@ -227,7 +204,7 @@ static int flask_security_context(struct xen_flask_sid_context *arg) if ( rv ) return rv; - rv = flask_copyin_string(arg->context, &buf, arg->size, PAGE_SIZE); + rv = safe_copy_string_from_guest(arg->context, &buf, arg->size, PAGE_SIZE); if ( rv ) return rv; @@ -324,7 +301,7 @@ static int flask_security_resolve_bool(struct xen_flask_boolean *arg) if ( arg->bool_id != -1 ) return 0; - rv = flask_copyin_string(arg->name, &name, arg->size, bool_maxstr); + rv = safe_copy_string_from_guest(arg->name, &name, arg->size, bool_maxstr); if ( rv ) return rv; -- 1.7.10.4