From: Oleksandr Tyshchenko <[email protected]> This is actually what the caller acquire_resource() expects on any kind of error (the comment on top of resource_max_frames() also suggests that). Otherwise, the caller will treat -errno as a valid value and propagate incorrect nr_frames to the VM. As a possible consequence, a VM trying to query a resource size of an unknown type will get the success result from the hypercall and obtain nr_frames 4294967201.
Also, add an ASSERT_UNREACHABLE() in the default case of _acquire_resource(), normally we won't get to this point, as an unknown type will always be rejected earlier in resource_max_frames(). Signed-off-by: Oleksandr Tyshchenko <[email protected]> Reviewed-by: Jan Beulich <[email protected]> --- V2: - add R-b - add ASSERT_UNREACHABLE() in the default case of _acquire_resource() and update commit desc regarding that - drop post-commit remark --- --- xen/common/memory.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xen/common/memory.c b/xen/common/memory.c index a6f2f6d1b3..8ca4e1a842 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -1157,7 +1157,7 @@ static unsigned int resource_max_frames(const struct domain *d, return d->vmtrace_size >> PAGE_SHIFT; default: - return -EOPNOTSUPP; + return 0; } } @@ -1240,6 +1240,7 @@ static int _acquire_resource( return acquire_vmtrace_buf(d, id, frame, nr_frames, mfn_list); default: + ASSERT_UNREACHABLE(); return -EOPNOTSUPP; } } -- 2.34.1
