From: Daniel De Graaf
Subject: Re: Grant access to more than one dom
Date: Thu, 08 May 2014 16:23:08 -0400
Message-ID: <536BE7AC.7030802@tycho.nsa.gov>
To: Simon Martin
Cc: Ian Campbell, xen-devel@lists.xen.org

On 05/08/2014 04:03 PM, Simon Martin wrote:
> Thanks Daniel,
>
>> The add_grefs function strings the allocated gntalloc_gref structures onto
>> two linked lists: the list heads are local, but are only used temporarily.
>> If the operation is successful, the list_splice_tail calls wire up the
>> linked lists to permanent structures on the heap; if unsuccessful, they
>> are used to clean up.
>
> After sending the mail I kind of worked out the what, however the how
> still bugs me. The function list_splice_tail does pointer juggling,
> not allocation, so as far as I can see you just end up with pointers to
> stack variables...
>

The allocation is done in gref = kzalloc(sizeof(*gref), GFP_KERNEL). Any
pointers to stack variables are overwritten during the splice.

--
Daniel De Graaf
National Security Agency
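
The splice behaviour discussed in this message, as an added example that is not part of the original e-mail or the gntalloc driver: a simplified user-space re-implementation of the list primitives that queues heap items on a stack-local head, splices them onto a long-lived list, and checks that no link still references the local head. The names `struct item`, `permanent`, `walk` and `add_items` are hypothetical.

```c
#include <stdlib.h>
#include <stddef.h>

struct list_head { struct list_head *next, *prev; };
struct item { int id; struct list_head link; };   /* stands in for a gntalloc_gref */
static struct list_head permanent = { &permanent, &permanent };  /* long-lived list */

static void list_add_tail(struct list_head *n, struct list_head *head) {
    n->prev = head->prev; n->next = head;
    head->prev->next = n; head->prev = n;
}

/* Same pointer updates as the kernel's list_splice_tail(): no allocation. */
static void list_splice_tail(struct list_head *list, struct list_head *head) {
    if (list->next == list) return;               /* nothing queued */
    struct list_head *first = list->next, *last = list->prev;
    first->prev = head->prev;                     /* was &list: overwritten */
    head->prev->next = first;
    last->next = head;                            /* was &list: overwritten */
    head->prev = last;
}

/* Count entries and verify back-links; -1 if any link references `bad`. */
static int walk(const struct list_head *head, const struct list_head *bad) {
    int n = 0;
    for (const struct list_head *p = head->next; p != head; p = p->next, n++)
        if (p == bad || p->next == bad || p->prev == bad || p->next->prev != p)
            return -1;
    return n;
}

/* Queue `count` heap items on a stack-local head, then splice them in. */
static int add_items(int count) {
    struct list_head queue = { &queue, &queue };  /* local head, dies on return */
    for (int i = 0; i < count; i++) {
        struct item *it = calloc(1, sizeof(*it)); /* the only allocation */
        if (!it) {                                /* failure: local list drives cleanup */
            for (struct list_head *p = queue.next, *nx; p != &queue; p = nx) {
                nx = p->next;
                free((char *)p - offsetof(struct item, link));
            }
            return -1;
        }
        it->id = i;
        list_add_tail(&it->link, &queue);
    }
    list_splice_tail(&queue, &permanent);
    return walk(&permanent, &queue);              /* -1 would mean a dangling stack pointer */
}

int main(void) { return add_items(3) == 3 ? 0 : 1; }
```

After the splice the local head itself still points at the spliced nodes, but nothing reachable from the permanent list points back at it, so it can go out of scope safely.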