Received: by 10.223.176.5 with SMTP id f5csp2627516wra; Mon, 5 Feb 2018 07:15:58 -0800 (PST) X-Google-Smtp-Source: AH8x226UxFnw2janGmIIgtYAlq6KbVTr24EoW6IpiMcXjWuUUOghMyEYuVNfS5VJ0kjTVRrX0icw X-Received: by 2002:a17:902:968d:: with SMTP id n13-v6mr45048473plp.33.1517843758179; Mon, 05 Feb 2018 07:15:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1517843758; cv=none; d=google.com; s=arc-20160816; b=g17RV8Llf0ZGxtDZgPCljRvwFPEAKhSUDsZEYAz9SiEyuENyWs0Erdl/07jn+kF1Js Qq5p+p6+u41jkWDub/qKY4sFj9fWkfi5BQoPsbMzaJdR8rWvG8SJZupmhITbigHUCv+k 5t6hJd/QP9iKFn3sLDZvVQTqk6mNB4jlIzNn7F7+zOK2dNGJMDjKGzgHvGsUpthIWSqW tNe6CJVI0ox/i7DOVPVPuUEcWqhNMKJ8bfnojoNQSNVAUXbYIAEJmWHUYnyRHHMNG6/i dEVLprTN6HdoxdunpFBmTrRZiBR7wfM/OhEYfGFAuJN78ld8qssPviPVUbOPU3VrzEXm xTIg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-disposition :content-transfer-encoding:mime-version:in-reply-to:references :subject:cc:to:from:date:message-id:arc-authentication-results; bh=UF4zfr6scWXsTW0ZNas+AmRfcpJ0DWpnmvsuOFusYGQ=; b=Rdc+mJhfAoOsrpJR1zG93DUpOCUbYgaNA0w4C//+a9+LyT36yECse3bd4iQsHAPEx3 RFZWuMkJR29U9HR5/T7bLulM5LadkJC3xxPfQhee037TEGt/G6G0HthxSEW6LVf/v6/0 7QxM46OI8dMxCt+RWJiXBqwXGJDguHujmNrrNdPP/L6FwrOxExvBDLxEDXyGztwPHPcK 2JaX5TOQ0Eqh2/Dcv6Z0B8cMQAi4VQbL2SBal8o7hhd/BmkCFc99Zm4bH9vvOOkdeb8w kQXaAD/95hnUUas1enn9TwGSzKRXo85HW1ax6wp3s47957T6Za9J/7fN1lJ76WqFmJmX G3bg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s8si3703590pgv.654.2018.02.05.07.15.43; Mon, 05 Feb 2018 07:15:58 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753279AbeBEPOq convert rfc822-to-8bit (ORCPT + 99 others); Mon, 5 Feb 2018 10:14:46 -0500 Received: from prv-mh.provo.novell.com ([137.65.248.74]:33790 "EHLO prv-mh.provo.novell.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753237AbeBEPOi (ORCPT ); Mon, 5 Feb 2018 10:14:38 -0500 Received: from INET-PRV-MTA by prv-mh.provo.novell.com with Novell_GroupWise; Mon, 05 Feb 2018 08:14:37 -0700 Message-Id: <5A7882EA02000078001A552D@prv-mh.provo.novell.com> X-Mailer: Novell GroupWise Internet Agent 18.0.0 Date: Mon, 05 Feb 2018 08:14:34 -0700 From: "Jan Beulich" To: "Arnd Bergmann" Cc: "David Laight" , , "Boris Ostrovsky" , "Dan Carpenter" , "Juergen Gross" , Subject: Re: [Xen-devel] [PATCH] [v2] xen: hypercall: fix out-of-bounds memcpy References: <20180205150340.328921-1-arnd@arndb.de> In-Reply-To: <20180205150340.328921-1-arnd@arndb.de> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 8BIT Content-Disposition: inline Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org >>> On 05.02.18 at 16:03, wrote: > int xen_event_channel_op_compat(int cmd, void *arg) > { > - struct evtchn_op op; > + struct evtchn_op op = { .cmd = cmd, }; > + size_t len; > int rc; > > - op.cmd = cmd; > - memcpy(&op.u, arg, sizeof(op.u)); > - rc = _hypercall1(int, event_channel_op_compat, &op); > - > - switch (cmd) { > - case EVTCHNOP_close: > - case EVTCHNOP_send: > - case EVTCHNOP_bind_vcpu: > - case EVTCHNOP_unmask: > - /* no output */ > - break; > + if (cmd > ARRAY_SIZE(evtchnop_len)) > + return -ENOSYS; >= perhaps? Jan