@@ -129,7 +129,7 @@ int dm_op(const struct dmop_args *op_args)
if ( (!rc || rc == -ERESTART) &&
!const_op && copy_to_guest_offset(op_args->buf[0].h, offset,
- (void *)&op.u, op_size[op.op]) )
+ (const void *)&op.u, op_size[op.op]) )
rc = -EFAULT;
out:
@@ -552,15 +552,12 @@ bool guest_walk_tables(const struct vcpu *v, vaddr_t gva,
{
register_t sctlr = READ_SYSREG(SCTLR_EL1);
register_t tcr = READ_SYSREG(TCR_EL1);
- unsigned int _perms;
+ unsigned int _perms = GV2M_READ;
/* We assume that the domain is running on the currently active domain. */
if ( v != current )
return false;
- /* Allow perms to be NULL. */
- perms = perms ?: &_perms;
-
/*
* Currently, we assume a GVA to IPA translation with EL1 privileges.
* Since, valid mappings in the first stage address translation table are
@@ -570,7 +567,12 @@ bool guest_walk_tables(const struct vcpu *v, vaddr_t gva,
* attributes that distinguish between EL0 and EL1 permissions (EL0 might
* not have permissions on the particular mapping).
*/
- *perms = GV2M_READ;
+ /* Allow perms to be NULL. */
+ if( perms ) {
+ *perms = _perms;
+ } else {
+ perms = &_perms;
+ }
/* If the MMU is disabled, there is no need to translate the gva. */
if ( !(sctlr & SCTLR_Axx_ELx_M) )
The function 'guest_walk_tables' contains an initialization pattern for the pointee of parameter 'perms' that is not easy for automatic checkers to reason about. A modified pattern that does not alter the semantics of the code is introduced. A const qualifier is added in 'xen/arch/arm/dm.c' because 'copy_to_guest_offset' doesn't modify that parameter. Signed-off-by: Nicola Vetrini <nicola.vetrini@bugseng.com> --- xen/arch/arm/dm.c | 2 +- xen/arch/arm/guest_walk.c | 12 +++++++----- 2 files changed, 8 insertions(+), 6 deletions(-)