On 25.08.2010, at 10:16, Heiko Carstens wrote:

> On Tue, Aug 24, 2010 at 03:48:51PM +0200, Alexander Graf wrote:
>> +static void hotplug_devices(struct work_struct *dummy)
>> +{
>> + unsigned int i;
>> + struct kvm_device_desc *d;
>> + struct device *dev;
>> +
>> + for (i = 0; i < PAGE_SIZE; i += desc_size(d)) {
>
> This should be
>
> for (i = 0; i + desc_size(d) <= PAGE_SIZE; i += desc_size(d)) {
>
> otherwise you might have memory accesses beyond the device page...

Oh, this is a simple copy&paste from the original search method. Is d valid in the first part of the loop already?

>
>> + d = kvm_devices + i;
>> +
>> + /* end of list */
>> + if (d->type == 0)
>> + break;
>
> ...even if that should not happen if everything works.
> But let's be paranoid.

Yeah :). I like paranoid.

Alex
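Review bot: The loop condition in `for (i = 0; i < PAGE_SIZE; i += desc_size(d))` only bounds the start offset `i`, so `d->type` and the rest of the descriptor can be read past the end of the device page when an entry begins near the page end. The condition proposed in the reply, `i + desc_size(d) <= PAGE_SIZE`, does not close this on its own: on the first pass it is evaluated before `d = kvm_devices + i;` has run, so `d` is uninitialized, and on later passes `d` still points at the previous descriptor, so the size being checked is not the one of the entry about to be read. Suggest doing the bounds check inside the body in two steps: break unless `i + sizeof(*d) <= PAGE_SIZE` before assigning and dereferencing `d`, then break if `i + desc_size(d) > PAGE_SIZE` before the descriptor is used. A descriptor whose `desc_size(d)` evaluates to 0 would also keep `i` from advancing, so it is worth stating in a comment why that cannot happen or guarding against it.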