|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen-4.2-testing] x86: properly check XEN_DOMCTL_ioport_mapping arguments for invalid range
# HG changeset patch
# User Jan Beulich <jbeulich@xxxxxxxx>
# Date 1349338223 -7200
# Node ID 63823a6785fcc79ebc09ab847e282e8982fcdd82
# Parent ca3e8190a72c23c228a752887434cb7ae0fc7332
x86: properly check XEN_DOMCTL_ioport_mapping arguments for invalid range
In particular, the case of "np" being a very large value wasn't handled
correctly. The range start checks also were off by one (except that in
practice, when "np" is properly range checked, this would still have
been caught by the range end checks).
Also, is a GFN wrap in XEN_DOMCTL_memory_mapping really okay?
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Acked-by: Keir Fraser <keir@xxxxxxx>
xen-unstable changeset: 25927:3e3959413b2f
xen-unstable date: Wed Sep 19 07:27:55 UTC 2012
---
diff -r ca3e8190a72c -r 63823a6785fc xen/arch/x86/domctl.c
--- a/xen/arch/x86/domctl.c Tue Oct 02 16:02:10 2012 +0100
+++ b/xen/arch/x86/domctl.c Thu Oct 04 10:10:23 2012 +0200
@@ -888,7 +888,7 @@ long arch_do_domctl(
int found = 0;
ret = -EINVAL;
- if ( (np == 0) || (fgp > MAX_IOPORTS) || (fmp > MAX_IOPORTS) ||
+ if ( ((fgp | fmp | (np - 1)) >= MAX_IOPORTS) ||
((fgp + np) > MAX_IOPORTS) || ((fmp + np) > MAX_IOPORTS) )
{
printk(XENLOG_G_ERR
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |