On 18/12/2017 20:06, Adalber Lazăr wrote:
> + print_hex_dump_debug("kvmi: new token ", DUMP_PREFIX_NONE,
> + 32, 1, token, sizeof(struct kvmi_map_mem_token),
> + false);
> +
> + tep = kmalloc(sizeof(struct token_entry), GFP_KERNEL);
> + if (tep == NULL)
> + return -ENOMEM;
> +
> + INIT_LIST_HEAD(&tep->token_list);
> + memcpy(&tep->token, token, sizeof(struct kvmi_map_mem_token));
> + tep->kvm = kvm;
> +
> + spin_lock(&token_lock);
> + list_add_tail(&tep->token_list, &token_list);
> + spin_unlock(&token_lock);
> +
> + return 0;
This allows unlimited allocations on the host from the introspector
guest. You must only allow a fixed number of unconsumed tokens (e.g. 64).
Thanks,
Paolo
