Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-5.4 / 3c6b5bfa3cf3b4057788e08482a468cc3bc00780^! / . / drivers / lguest / core.c
commit3c6b5bfa3cf3b4057788e08482a468cc3bc00780[log] [tgz]
authorRusty Russell <rusty@rustcorp.com.au>Mon Oct 22 11:03:26 2007 +1000
committerRusty Russell <rusty@rustcorp.com.au>Tue Oct 23 15:49:50 2007 +1000
treef0d67890f6f8c9d0840c9b19a483ec06cbf822ef
parent6649bb7af6a819b675bfcf22ab704737e905645a [diff] [blame]
Introduce guest mem offset, static link example launcher

In order to avoid problematic special linking of the Launcher, we give
the Host an offset: this means we can use any memory region in the
Launcher as Guest memory rather than insisting on mmap() at 0.

The result is quite pleasing: a number of casts are replaced with
simple additions.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

diff --git a/drivers/lguest/core.c b/drivers/lguest/core.c
index a0788c1..eb95860 100644
--- a/drivers/lguest/core.c
+++ b/drivers/lguest/core.c

@@ -325,8 +325,8 @@
  * Dealing With Guest Memory.
  *
  * When the Guest gives us (what it thinks is) a physical address, we can use
- * the normal copy_from_user() & copy_to_user() on that address: remember,
- * Guest physical == Launcher virtual.
+ * the normal copy_from_user() & copy_to_user() on the corresponding place in
+ * the memory region allocated by the Launcher.
  *
  * But we can't trust the Guest: it might be trying to access the Launcher
  * code.  We have to check that the range is below the pfn_limit the Launcher
@@ -348,8 +348,8 @@
 
 	/* Don't let them access lguest binary. */
 	if (!lguest_address_ok(lg, addr, sizeof(val))
-	    || get_user(val, (u32 __user *)addr) != 0)
-		kill_guest(lg, "bad read address %#lx", addr);
+	    || get_user(val, (u32 *)(lg->mem_base + addr)) != 0)
+		kill_guest(lg, "bad read address %#lx: pfn_limit=%u membase=%p", addr, lg->pfn_limit, lg->mem_base);
 	return val;
 }
 
@@ -357,7 +357,7 @@
 void lgwrite_u32(struct lguest *lg, unsigned long addr, u32 val)
 {
 	if (!lguest_address_ok(lg, addr, sizeof(val))
-	    || put_user(val, (u32 __user *)addr) != 0)
+	    || put_user(val, (u32 *)(lg->mem_base + addr)) != 0)
 		kill_guest(lg, "bad write address %#lx", addr);
 }
 
@@ -367,7 +367,7 @@
 void lgread(struct lguest *lg, void *b, unsigned long addr, unsigned bytes)
 {
 	if (!lguest_address_ok(lg, addr, bytes)
-	    || copy_from_user(b, (void __user *)addr, bytes) != 0) {
+	    || copy_from_user(b, lg->mem_base + addr, bytes) != 0) {
 		/* copy_from_user should do this, but as we rely on it... */
 		memset(b, 0, bytes);
 		kill_guest(lg, "bad read address %#lx len %u", addr, bytes);
@@ -379,7 +379,7 @@
 	     unsigned bytes)
 {
 	if (!lguest_address_ok(lg, addr, bytes)
-	    || copy_to_user((void __user *)addr, b, bytes) != 0)
+	    || copy_to_user(lg->mem_base + addr, b, bytes) != 0)
 		kill_guest(lg, "bad write address %#lx len %u", addr, bytes);
 }
 /* (end of memory access helper routines) :*/
@@ -616,11 +616,9 @@
 			 *
 			 * Note that if the Guest were really messed up, this
 			 * could happen before it's done the INITIALIZE
-			 * hypercall, so lg->lguest_data will be NULL, so
-			 * &lg->lguest_data->cr2 will be address 8.  Writing
-			 * into that address won't hurt the Host at all,
-			 * though. */
-			if (put_user(cr2, &lg->lguest_data->cr2))
+			 * hypercall, so lg->lguest_data will be NULL */
+			if (lg->lguest_data
+			    && put_user(cr2, &lg->lguest_data->cr2))
 				kill_guest(lg, "Writing cr2");
 			break;
 		case 7: /* We've intercepted a Device Not Available fault. */