get_gpa_access_state: avoid returning dangling reference

Previously, VmFd::get_gpa_access_state returned a dangling reference (in the form of a raw pointer) to a vector that was allocated and freed during the function call. This commit modifies it to instead return the vector directly, since no other information is required by its only consumer (VmFd::get_dirty_log). Signed-off-by: Lucy Menon <168595099+syntactically@users.noreply.github.com>
rust-vmm · Sep 2, 2024 · 8dd7b14 · 8dd7b14
1 parent 2859281
commit 8dd7b14
Showing 1 changed file with 6 additions and 8 deletions.
diff --git a/mshv-ioctls/src/ioctls/vm.rs b/mshv-ioctls/src/ioctls/vm.rs
@@ -644,7 +644,7 @@ impl VmFd {
         base_pfn: u64,
         nr_pfns: u32,
         flags: u64,
-    ) -> Result<mshv_get_gpa_pages_access_state> {
+    ) -> Result<Vec<hv_gpa_page_access_state>> {
         let mut states: Vec<hv_gpa_page_access_state> =
             vec![hv_gpa_page_access_state { as_uint8: 0 }; nr_pfns as usize];
         let mut gpa_pages_access_state: mshv_get_gpa_pages_access_state =
@@ -664,7 +664,7 @@ impl VmFd {
             )
         };
         if ret == 0 {
-            Ok(gpa_pages_access_state)
+            Ok(states)
         } else {
             Err(errno::Error::last().into())
         }
@@ -707,11 +707,7 @@ impl VmFd {
             current_size = cmp::min(PAGE_ACCESS_STATES_BATCH_SIZE, remaining);
             let page_states =
                 self.get_gpa_access_state(base_pfn + processed as u64, current_size, flags)?;
-            // SAFETY: we're sure states and count meet the requirements for from_raw_parts
-            let slices: &[hv_gpa_page_access_state] = unsafe {
-                std::slice::from_raw_parts(page_states.states, page_states.count as usize)
-            };
-            for item in slices.iter() {
+            for item in page_states.iter() {
                 let bits = &mut bitmap[bitmap_index];
                 mask = 1 << bit_index;
                 // SAFETY: access union field
@@ -723,7 +719,9 @@ impl VmFd {
                 bitmap_index = processed / 64;
                 bit_index = processed % 64;
             }
-            remaining -= page_states.count;
+            // There is no risk of overflow on this cast, since
+            // page_states.len() is at most PAGE_ACCESS_STATES_BATCH_SIZE
+            remaining -= page_states.len() as u32;
         }
         Ok(bitmap)
     }