From mboxrd@z Thu Jan 1 00:00:00 1970 From: Keir Fraser Subject: Re: [PATCH] xen: Fix xenctl_cpumap_to_cpumask buffer size check Date: Tue, 13 Nov 2012 10:10:31 +0000 Message-ID: References: <50A214B902000078000A7F88@nat28.tlf.novell.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <50A214B902000078000A7F88@nat28.tlf.novell.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Jan Beulich , Matthew Daley Cc: xen-devel@lists.xen.org List-Id: xen-devel@lists.xenproject.org On 13/11/2012 08:36, "Jan Beulich" wrote: >> Fix by using the correct cpumask buffer size in place of sizeof. >> >> Signed-off-by: Matthew Daley > > Acked-by: Jan Beulich > > However, I would have preferred the adjustment to be ... > >> diff --git a/xen/common/domctl.c b/xen/common/domctl.c >> index e153cb4..204e951 100644 >> --- a/xen/common/domctl.c >> +++ b/xen/common/domctl.c >> @@ -78,7 +78,7 @@ int xenctl_cpumap_to_cpumask( >> { >> if ( copy_from_guest(bytemap, xenctl_cpumap->bitmap, copy_bytes) ) >> err = -EFAULT; >> - if ( (xenctl_cpumap->nr_cpus & 7) && (guest_bytes <= >> sizeof(bytemap)) ) >> + if ( (xenctl_cpumap->nr_cpus & 7) && (guest_bytes <= (nr_cpu_ids + >> 7) / 8) ) > > if ( (xenctl_cpumap->nr_cpus & 7) && (guest_bytes <= copy_bytes) ) > > or even (considering that guest_bytes >= copy_bytes due to the > way copy_bytes gets initialized) > > if ( (xenctl_cpumap->nr_cpus & 7) && (guest_bytes == copy_bytes) ) > > to make explicit when exactly the masking is necessary. Any of the three alternatives is fine by me. Acked-by: Keir Fraser
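Review bot: In the changed condition of xenctl_cpumap_to_cpumask(), the bound is open-coded as `(nr_cpu_ids + 7) / 8`, although the copy_from_guest() call directly above already uses `copy_bytes` as the number of bytes copied into bytemap. Comparing against that variable instead, as in `(guest_bytes <= copy_bytes)`, keeps the check tied to the length actually copied, so the two cannot drift apart if the buffer sizing changes later. A short comment above the condition stating when the `nr_cpus & 7` case applies would also help, since the replaced `sizeof(bytemap)` comparison shows how easily the intended size is misread at this spot.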