xen/hypercall: fix hypercall fallback code for very old hypervisors

While copying the argument structures in HYPERVISOR_event_channel_op() and HYPERVISOR_physdev_op() into the local variable is sufficiently safe even if the actual structure is smaller than the container one, copying back eventual output values the same way isn't: This may collide with on-stack variables (particularly "rc") which may change between the first and second memcpy() (i.e. the second memcpy() could discard that change). Move the fallback code into out-of-line functions, and handle all of the operations known by this old a hypervisor individually: Some don't require copying back anything at all, and for the rest use the individual argument structures' sizes rather than the container's. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Jan Beulich <jbeulich@suse.com> [v2: Reduce #define/#undef usage in HYPERVISOR_physdev_op_compat().] [v3: Fix compile errors when modules use said hypercalls] [v4: Add xen_ prefix to the HYPERCALL_..] [v5: Alter the name and only EXPORT_SYMBOL_GPL one of them] Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
author: Jan Beulich <jbeulich@suse.com> 2012-10-19 15:25:37 -0400
committer: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> 2012-11-04 10:40:42 -0500
commit: cf47a83fb06e42ae1b572ed68326068c7feaceae (patch)
tree: 52e694ac8adfc67d8dc82e35e046c14f0ceb10c2 /arch
parent: 95a7d76897c1e7243d4137037c66d15cbf2cce76 (diff)
1 files changed, 7 insertions, 14 deletions
diff --git a/arch/x86/include/asm/xen/hypercall.h b/arch/x86/include/asm/xen/hypercall.h
index 59c226d120cd..c20d1ce62dc6 100644
--- a/arch/x86/include/asm/xen/hypercall.h
+++ b/arch/x86/include/asm/xen/hypercall.h
@@ -359,18 +359,14 @@ HYPERVISOR_update_va_mapping(unsigned long va, pte_t new_val,
                return _hypercall4(int, update_va_mapping, va,
                                   new_val.pte, new_val.pte >> 32, flags);
 }
+extern int __must_check xen_event_channel_op_compat(int, void *);
 static inline int
 HYPERVISOR_event_channel_op(int cmd, void *arg)
 {
        int rc = _hypercall2(int, event_channel_op, cmd, arg);
-        if (unlikely(rc == -ENOSYS)) {
+        if (unlikely(rc == -ENOSYS))
-                struct evtchn_op op;
+                rc = xen_event_channel_op_compat(cmd, arg);
-                op.cmd = cmd;
-                memcpy(&op.u, arg, sizeof(op.u));
-                rc = _hypercall1(int, event_channel_op_compat, &op);
-                memcpy(arg, &op.u, sizeof(op.u));
-        }
        return rc;
 }
@@ -386,17 +382,14 @@ HYPERVISOR_console_io(int cmd, int count, char *str)
        return _hypercall3(int, console_io, cmd, count, str);
 }
+extern int __must_check HYPERVISOR_physdev_op_compat(int, void *);
 static inline int
 HYPERVISOR_physdev_op(int cmd, void *arg)
 {
        int rc = _hypercall2(int, physdev_op, cmd, arg);
-        if (unlikely(rc == -ENOSYS)) {
+        if (unlikely(rc == -ENOSYS))
-                struct physdev_op op;
+                rc = HYPERVISOR_physdev_op_compat(cmd, arg);
-                op.cmd = cmd;
-                memcpy(&op.u, arg, sizeof(op.u));
-                rc = _hypercall1(int, physdev_op_compat, &op);
-                memcpy(arg, &op.u, sizeof(op.u));
-        }
        return rc;
 }
author	Jan Beulich <jbeulich@suse.com>	2012-10-19 15:25:37 -0400
committer	Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>	2012-11-04 10:40:42 -0500
commit	cf47a83fb06e42ae1b572ed68326068c7feaceae (patch)
tree	52e694ac8adfc67d8dc82e35e046c14f0ceb10c2 /arch
parent	95a7d76897c1e7243d4137037c66d15cbf2cce76 (diff)