From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andrew Cooper Subject: Re: [PATCH 03/22] libxc: Fix range checking in xc_dom_pfn_to_ptr etc. Date: Mon, 10 Jun 2013 16:53:20 +0100 Message-ID: <51B5F670.8010205@citrix.com> References: <1370629642-6990-1-git-send-email-ian.jackson@eu.citrix.com> <1370629642-6990-4-git-send-email-ian.jackson@eu.citrix.com> <51B5F4D4.1000402@citrix.com> <20917.62820.223530.788246@mariner.uk.xensource.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20917.62820.223530.788246@mariner.uk.xensource.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Ian Jackson Cc: "xen-devel@lists.xensource.com" , "mattjd@gmail.com" , "security@xen.org" List-Id: xen-devel@lists.xenproject.org On 10/06/13 16:48, Ian Jackson wrote: > Andrew Cooper writes ("Re: [PATCH 03/22] libxc: Fix range checking in xc_dom_pfn_to_ptr etc."): >> In PATCH 2, the pages_out parameter is optional in so far as it is >> checked for being NULL. >> >> Here, the safe_region_out parameter is not optional, in so far as we >> unconditionally fault if it is NULL. (unless someone is playing games >> and mapping something at address 0) > Maybe it would be better to change the function in patch 2, instead. > > After all, ideally, we don't want people calling either of these > without receiving the length. And the patch 2 function is provided > specifically as a version to provide the length so there's no need to > pass NULL. > > Ian. But in patch 2, the non _pages() variant passes NULL as a parameter. It could be modified to pass a pointer to a dummy value on the stack, along with a note to fix up the original callsites in the general bugfixes following the security patches. ~Andrew