[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] Add bounds check to get_mfn_from_gpfn().



# HG changeset patch
# User kaf24@xxxxxxxxxxxxxxxxxxxx
# Node ID 4e909143218cfc4477b3acf3a4c5a99d60ce4b2e
# Parent  15788ab9fce254079bb449a62a8c859609ac30b3
Add bounds check to get_mfn_from_gpfn().
From: Jan Beulich
Signed-off-by: Keir Fraser <keir@xxxxxxxxxxxxx>

diff -r 15788ab9fce2 -r 4e909143218c xen/include/asm-x86/mm.h
--- a/xen/include/asm-x86/mm.h  Thu Apr 27 14:06:41 2006 +0100
+++ b/xen/include/asm-x86/mm.h  Thu Apr 27 14:13:42 2006 +0100
@@ -274,6 +274,8 @@ int check_descriptor(struct desc_struct 
  * been used by the read-only MPT map.
  */
 #define phys_to_machine_mapping ((unsigned long *)RO_MPT_VIRT_START)
+#define NR_P2M_TABLE_ENTRIES    ((unsigned long *)RO_MPT_VIRT_END \
+                                 - phys_to_machine_mapping)
 #define INVALID_MFN             (~0UL)
 #define VALID_MFN(_mfn)         (!((_mfn) & (1U<<31)))
 
@@ -282,7 +284,9 @@ static inline unsigned long get_mfn_from
 {
     unsigned long mfn;
 
-    if ( __copy_from_user(&mfn, &phys_to_machine_mapping[pfn], sizeof(mfn)) )
+    if ( unlikely(pfn >= NR_P2M_TABLE_ENTRIES) ||
+         unlikely(__copy_from_user(&mfn, &phys_to_machine_mapping[pfn],
+                                   sizeof(mfn))) )
        mfn = INVALID_MFN;
 
     return mfn;

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.