dgit.raspbian.org Git - xen.git/commit

author	Julien Grall <julien.grall@linaro.org>
	Tue, 18 Feb 2014 16:56:17 +0000 (16:56 +0000)
committer	Ian Campbell <ian.campbell@citrix.com>
	Tue, 18 Feb 2014 17:33:49 +0000 (17:33 +0000)
commit	4959e0eacf56456a4b16d59e98cec58f7c2d66be
tree	a32acbaf4ac217c45236e8a7b92a3b6c98dc6672	tree \| snapshot
parent	b7319350278d0220febc8a7dc8be8e8d41b0abd2	commit \| diff

xen/arm: Correctly handle non-page aligned pointer in raw_copy_from_guest

The current implementation of raw_copy_guest helper may lead to data corruption
and sometimes Xen crash when the guest virtual address is not aligned to
PAGE_SIZE.

When the total length is higher than a page, the length to read is badly
compute with
    min(len, (unsigned)(PAGE_SIZE - offset))

As the offset is only computed one time per function, if the start address was
not aligned to PAGE_SIZE, we can end up in same iteration:
    - to read accross page boundary => xen crash
    - read the previous page => data corruption

This issue can be resolved by setting offset to 0 at the end of the first
iteration. Indeed, after it, the virtual guest address is always aligned
to PAGE_SIZE.

Signed-off-by: Julien Grall <julien.grall@linaro.org>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Cc: George Dunlap <george.dunlap@citrix.com>
[ ijc -- duplicated the comment in the other two functions with this behaviour ]