[PATCH v2 0/2] xen/gntalloc: validate grant count before allocation

From: Yousef Alhouseen

Date: Fri Jun 26 2026 - 18:38:32 EST


The allocation ioctl currently allocates a user-sized grant-id array
before checking the global grant limit. It also adds the requested count
when enforcing that limit, which makes the check harder to reason about
in the presence of mixed signed and unsigned types.

Make the grant counters unsigned first, then reject impossible requests
before allocation and use subtraction for the locked limit check.

Changes in v2:
- Split the unsigned type changes into a prerequisite patch.
- Remove the signed checks and unnecessary casts.

Yousef Alhouseen (2):
  xen/gntalloc: make grant counters unsigned
  xen/gntalloc: validate grant count before allocation

drivers/xen/gntalloc.c | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)

--
2.54.0
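
The two points the cover letter makes, as an added user-space example that is not code from this series or from drivers/xen/gntalloc.c: an addition-based limit check on unsigned counters wraps for a huge count, while the subtraction form does not, and rejecting impossible counts first means no array is allocated for them. The names `limit`, `gref_size`, `alloc_calls`, `over_limit_add`, `over_limit_sub` and `alloc_grefs`, the return codes, and the rejection of a zero count are assumptions made for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the driver's global limit and running total. */
static unsigned int limit = 1024;
static unsigned int gref_size = 1000;
static unsigned int alloc_calls; /* counts how often the id array is allocated */

/* Addition form: the unsigned sum wraps, so a huge count slips under the limit. */
static bool over_limit_add(unsigned int count)
{
	return gref_size + count > limit;
}

/* Subtraction form: limit - count cannot wrap once count <= limit is known. */
static bool over_limit_sub(unsigned int count)
{
	return count > limit || gref_size > limit - count;
}

/* 0 = ok, -1 = rejected before allocating, -2 = no memory, -3 = over limit. */
static int alloc_grefs(unsigned int count, unsigned int **ids)
{
	if (count == 0 || count > limit) /* zero check is an assumption */
		return -1;               /* impossible request: nothing allocated */
	alloc_calls++;
	*ids = calloc(count, sizeof(**ids));
	if (!*ids)
		return -2;
	if (gref_size > limit - count) { /* the driver would hold its lock here */
		free(*ids); *ids = NULL;
		return -3;
	}
	gref_size += count;
	return 0;
}

int main(void)
{
	unsigned int huge = UINT_MAX - 999; /* constructed: 1000 + huge wraps to 0 */
	unsigned int *ids = NULL;
	printf("add form rejects huge: %d, sub form rejects huge: %d\n",
	       over_limit_add(huge), over_limit_sub(huge));
	printf("alloc_grefs(huge) = %d, allocations = %u\n",
	       alloc_grefs(huge, &ids), alloc_calls);
	return 0;
}
```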