On 16.02.2025 22:19, Oleksandr Tyshchenko wrote: > From: Oleksandr Tyshchenko <[email protected]> > > This is actually what the caller acquire_resource() expects on any kind > of error (the comment on top of resource_max_frames() also suggests that). > Otherwise, the caller will treat -errno as a valid value and propagate > incorrect > nr_frames to the VM. As a possible consequence, a VM trying to query a > resource > size of an unknown type will get the success result from the hypercall and > obtain > nr_frames 4294967201. > > Fixes: 9244528955de ("xen/memory: Fix acquire_resource size semantics") > Signed-off-by: Oleksandr Tyshchenko <[email protected]>
Reviewed-by: Jan Beulich <[email protected]> albeit preferably with an addition: > --- a/xen/common/memory.c > +++ b/xen/common/memory.c > @@ -1157,7 +1157,7 @@ static unsigned int resource_max_frames(const struct > domain *d, > return d->vmtrace_size >> PAGE_SHIFT; > > default: > - return -EOPNOTSUPP; > + return 0; > } > } Wouldn't we better accompany this by an ASSERT_UNREACHABLE() in the default case of _acquire_resource()? Jan
