On 12/09/16 15:32, Jan Beulich wrote:
>>>> On 09.09.16 at 17:16, <jennifer.herb...@citrix.com> wrote:
>> The following code illustrates this idea:
>>
>> typedef struct dm_op_buffer {
>>     XEN_GUEST_HANDLE(void) h;
>>     size_t len;
>> } dm_op_buffer_t;
>
> This implies that we'll lose all type safety on the handles passed, as
> is also emphasized by the use of raw_copy_from_guest() in the code
> outline further down.

This is a direct result of the requirement that the privcmd driver does not know the types of the sub-ops themselves. We can't have this requirement and type safety. Which do we want?

I would point out that Linux copy_from_user() and copy_to_user() functions are not type safe and I'm not aware that this causes many problems.

David
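
The trade-off discussed in this message, as an added example that is not part of the thread or of the Xen code: when a buffer arrives as an untyped handle plus a length, the consumer that knows the real type has to validate the length before treating the bytes as that type. The plain pointer in place of `XEN_GUEST_HANDLE(void)`, the use of `memcpy()` in place of `raw_copy_from_guest()`, and the names `example_subop`, `copy_buf_exact` and `handle_example_subop` are assumptions made for a user-space sketch.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-in for the dm_op_buffer quoted above: a plain pointer replaces
 * XEN_GUEST_HANDLE(void) so the sketch builds in user space. */
typedef struct dm_op_buffer {
    void *h;
    size_t len;
} dm_op_buffer_t;

/* Hypothetical sub-op payload; only the consumer knows this type. */
struct example_subop {
    uint32_t op;
    uint32_t pad;
    uint64_t gfn;
};

/* memcpy() stands in for raw_copy_from_guest(): it is just as untyped,
 * so the declared length is the only thing left to validate. */
static int copy_buf_exact(void *dst, size_t dst_size, const dm_op_buffer_t *buf)
{
    if (buf == NULL || buf->h == NULL)
        return -EFAULT;
    if (buf->len != dst_size)   /* reject short and oversized buffers */
        return -EINVAL;
    memcpy(dst, buf->h, dst_size);
    return 0;
}

/* Consumer side: the type is reintroduced here, after the size check. */
int handle_example_subop(const dm_op_buffer_t *bufs, unsigned int nr_bufs,
                         uint64_t *gfn_out)
{
    struct example_subop op;
    int rc;

    if (nr_bufs < 1)
        return -EINVAL;
    rc = copy_buf_exact(&op, sizeof(op), &bufs[0]);
    if (rc)
        return rc;
    if (op.pad != 0)            /* reserved field must be zero */
        return -EINVAL;
    *gfn_out = op.gfn;
    return 0;
}
```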