|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] Add bounds check to get_mfn_from_gpfn().
# HG changeset patch
# User kaf24@xxxxxxxxxxxxxxxxxxxx
# Node ID 4e909143218cfc4477b3acf3a4c5a99d60ce4b2e
# Parent 15788ab9fce254079bb449a62a8c859609ac30b3
Add bounds check to get_mfn_from_gpfn().
From: Jan Beulich
Signed-off-by: Keir Fraser <keir@xxxxxxxxxxxxx>
diff -r 15788ab9fce2 -r 4e909143218c xen/include/asm-x86/mm.h
--- a/xen/include/asm-x86/mm.h Thu Apr 27 14:06:41 2006 +0100
+++ b/xen/include/asm-x86/mm.h Thu Apr 27 14:13:42 2006 +0100
@@ -274,6 +274,8 @@ int check_descriptor(struct desc_struct
* been used by the read-only MPT map.
*/
#define phys_to_machine_mapping ((unsigned long *)RO_MPT_VIRT_START)
+#define NR_P2M_TABLE_ENTRIES ((unsigned long *)RO_MPT_VIRT_END \
+ - phys_to_machine_mapping)
#define INVALID_MFN (~0UL)
#define VALID_MFN(_mfn) (!((_mfn) & (1U<<31)))
@@ -282,7 +284,9 @@ static inline unsigned long get_mfn_from
{
unsigned long mfn;
- if ( __copy_from_user(&mfn, &phys_to_machine_mapping[pfn], sizeof(mfn)) )
+ if ( unlikely(pfn >= NR_P2M_TABLE_ENTRIES) ||
+ unlikely(__copy_from_user(&mfn, &phys_to_machine_mapping[pfn],
+ sizeof(mfn))) )
mfn = INVALID_MFN;
return mfn;
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |