author | kaf24@firebug.cl.cam.ac.uk <kaf24@firebug.cl.cam.ac.uk> | 2005-08-26 17:42:34 +0000 |
---|---|---|
committer | kaf24@firebug.cl.cam.ac.uk <kaf24@firebug.cl.cam.ac.uk> | 2005-08-26 17:42:34 +0000 |
commit | edf2226577a60fe13d1a363b24cd54edce6c33f4 (patch) | |
tree | 6451b1e4dd3f52cbf0f863f936e747fca27825d4 /xen/common/multicall.c | |
parent | 5946ce59ff6f6678dd23e2fea4a014f1959921bf (diff) | |
Clean up and fix hypercall macros in XenLinux: we must assume that
all register parameters are clobbered on return. Furthermore,
multicall arrays are clobbered on return from a multicall (only the
result field can be trusted!).

These restrictions are enforced by debug builds of Xen in the
following ways:

1. On completion of a multicall, the call array is overwritten
   with garbage before writing in the result fields.
2. On completion of a hypercall, all parameter registers are
   overwritten with garbage.

Signed-off-by: Keir Fraser <keir@xensource.com>

Diffstat (limited to 'xen/common/multicall.c')
-rw-r--r-- | xen/common/multicall.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/xen/common/multicall.c b/xen/common/multicall.c index a3af8ef221..a811f68266 100644 --- a/xen/common/multicall.c +++ b/xen/common/multicall.c @@ -45,6 +45,18 @@ long do_multicall(multicall_entry_t *call_list, unsigned int nr_calls) do_multicall_call(&mcs->call); +#ifndef NDEBUG + { + /* + * Deliberately corrupt the contents of the multicall structure. + * The caller must depend only on the 'result' field on return. + */ + multicall_entry_t corrupt; + memset(&corrupt, 0xAA, sizeof(corrupt)); + (void)__copy_to_user(&call_list[i], &corrupt, sizeof(corrupt)); + } +#endif + if ( unlikely(__put_user(mcs->call.result, &call_list[i].result)) ) { DPRINTK("Error writing result back to multicall block.\n"); |
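
Review bot: the `(void)__copy_to_user(&call_list[i], &corrupt, sizeof(corrupt));` line inside the `#ifndef NDEBUG` block discards the copy's return value, so a fault while poisoning the entry is silently ignored. The copy covers the whole `multicall_entry_t`, while the `__put_user(mcs->call.result, &call_list[i].result)` check that follows covers only the `result` field, so a partial failure of the poisoning write would go unreported unless that second write also faults. Either say in the comment that the error is deliberately left to the `__put_user` check, or take the same error path when the copy fails. The rule stated in the new comment (callers may depend only on 'result' on return) is a guest-visible contract, so it is also worth documenting next to the `multicall_entry_t` definition and not only in this debug block.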