From: Jan Beulich <jbeulich@suse.com>
To: Julien Grall <julien@xen.org>
Cc: "Stefano Stabellini" <sstabellini@kernel.org>,
"Wei Liu" <wl@xen.org>,
"Andrew Cooper" <andrew.cooper3@citrix.com>,
"Julien Grall" <jgrall@amazon.com>,
xen-devel@lists.xenproject.org,
"Volodymyr Babchuk" <Volodymyr_Babchuk@epam.com>,
"Roger Pau Monné" <roger.pau@citrix.com>
Subject: Re: [PATCH v2] xen/guest_access: Harden *copy_to_guest_offset() to prevent const dest operand
Date: Mon, 6 Apr 2020 13:01:37 +0200 [thread overview]
Message-ID: <391ef401-b5d3-2f95-5fe3-c32f372dcc92@suse.com> (raw)
In-Reply-To: <20200404130613.26428-1-julien@xen.org>
On 04.04.2020 15:06, Julien Grall wrote:
> From: Julien Grall <jgrall@amazon.com>
>
> At the moment, *copy_to_guest_offset() will allow the hypervisor to copy
> data to guest handle marked const.
>
> Thankfully, no users of the helper will do that. Rather than hoping this
> can be caught during review, harden copy_to_guest_offset() so the build
> will fail if such users are introduced.
>
> There is no easy way to check whether a const is NULL in C99. The
> approach used is to introduce an unused variable that is non-const and
> assign the handle. If the handle were const, this would fail at build
> because without an explicit cast, it is not possible to assign a const
> variable to a non-const variable.
>
> Suggested-by: Jan Beulich <jbeulich@suse.com>
> Signed-off-by: Julien Grall <jgrall@amazon.com>
I'm not convinced it is a good idea to add (recurring) comments
like you do - there are more aspects of these macros that would
be worth commenting on, and commenting on some but not all may
give the wrong impression of all subtleties being covered (also
for others).
In any event I'd like to ask that each header gain such a
comment only once, with the other being a tiny reference to the
one "complete" instance.
Jan
next prev parent reply other threads:[~2020-04-06 11:01 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-04 13:06 [PATCH v2] xen/guest_access: Harden *copy_to_guest_offset() to prevent const dest operand Julien Grall
2020-04-06 11:01 ` Jan Beulich [this message]
2020-04-07 9:01 ` Julien Grall
2020-04-07 9:06 ` Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=391ef401-b5d3-2f95-5fe3-c32f372dcc92@suse.com \
--to=jbeulich@suse.com \
--cc=Volodymyr_Babchuk@epam.com \
--cc=andrew.cooper3@citrix.com \
--cc=jgrall@amazon.com \
--cc=julien@xen.org \
--cc=roger.pau@citrix.com \
--cc=sstabellini@kernel.org \
--cc=wl@xen.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.