From: Ian Campbell Date: Wed, 18 Dec 2013 13:39:14 +0000 (+0000) Subject: xen: arm: process XENMEM_add_to_physmap_range forwards not backwards. X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~5739 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=cd50b8cae268fc66969e2f3858e79c244a0eea0b;p=xen.git xen: arm: process XENMEM_add_to_physmap_range forwards not backwards. Jan points out that processing the list backwards is rather counter intuitive and that the effect of the hypercall can differ between forwards and backwards processing (e.g. in the presence of duplicate idx or gpfn, which would be unusual but as Jan says, users are a creative bunch) Signed-off-by: Ian Campbell Reviewed-by: Jan Beulich Cc: Mukesh Rathor --- diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index 654281afd3..726adc7edf 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -1061,21 +1061,18 @@ static int xenmem_add_to_physmap_range(struct domain *d, { int rc; - /* Process entries in reverse order to allow continuations */ while ( xatpr->size > 0 ) { xen_ulong_t idx; xen_pfn_t gpfn; - if ( unlikely(copy_from_guest_offset(&idx, xatpr->idxs, - xatpr->size-1, 1)) ) + if ( unlikely(copy_from_guest_offset(&idx, xatpr->idxs, 0, 1)) ) { rc = -EFAULT; goto out; } - if ( unlikely(copy_from_guest_offset(&gpfn, xatpr->gpfns, - xatpr->size-1, 1)) ) + if ( unlikely(copy_from_guest_offset(&gpfn, xatpr->gpfns, 0, 1)) ) { rc = -EFAULT; goto out; @@ -1085,8 +1082,7 @@ static int xenmem_add_to_physmap_range(struct domain *d, xatpr->foreign_domid, idx, gpfn); - if ( unlikely(copy_to_guest_offset(xatpr->errs, - xatpr->size-1, &rc, 1)) ) + if ( unlikely(copy_to_guest_offset(xatpr->errs, 0, &rc, 1)) ) { rc = -EFAULT; goto out; @@ -1095,6 +1091,9 @@ static int xenmem_add_to_physmap_range(struct domain *d, if ( rc < 0 ) goto out; + guest_handle_add_offset(xatpr->idxs, 1); + guest_handle_add_offset(xatpr->gpfns, 1); + guest_handle_add_offset(xatpr->errs, 1); xatpr->size--; /* Check for continuation if it's not the last interation */