On 12/09/16 15:32, Jan Beulich wrote:
>>>> On 09.09.16 at 17:16, <jennifer.herb...@citrix.com> wrote:
>> The following code illustrates this idea:
>>
>> typedef struct dm_op_buffer {
>> XEN_GUEST_HANDLE(void) h;
>> size_t len;
>> } dm_op_buffer_t;
>
> This implies that we'll lose all type safety on the handles passed, as
> is also emphasized by the use of raw_copy_from_guest() in the code
> outline further down.
This is an direct result of the requirement that the privcmd driver does
not know the types of the sub-ops themselves. We can't have this
requirement and type safety. Which do we want?
I would point out that Linux copy_from_user() and copy_to_user()
functions are not type safe and I'm not aware that this causes many
problems.
David
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
