WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-changelog

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-changelog] Add bounds check to get_mfn_from_gpfn().

from [Xen patchbot -3 . 0-testing] [Permanent Link][Original]
To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] Add bounds check to get_mfn_from_gpfn().
From: Xen patchbot -3.0-testing <patchbot-3.0-testing@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 27 Apr 2006 19:48:17 +0000
Delivery-date: Thu, 27 Apr 2006 12:49:21 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx 
# HG changeset patch
# User kaf24@xxxxxxxxxxxxxxxxxxxx
# Node ID b5d43db157469c745c781f7ecbbd038e3daf9604
# Parent  83072d72084a873e81ca188dcf9058072dba1a8d
Add bounds check to get_mfn_from_gpfn().
From: Jan Beulich
Signed-off-by: Keir Fraser <keir@xxxxxxxxxxxxx>

diff -r 83072d72084a -r b5d43db15746 xen/include/asm-x86/mm.h
--- a/xen/include/asm-x86/mm.h  Thu Apr 27 09:58:50 2006 +0100
+++ b/xen/include/asm-x86/mm.h  Thu Apr 27 14:14:26 2006 +0100
@@ -272,6 +272,8 @@ int check_descriptor(struct desc_struct 
  * been used by the read-only MPT map.
  */
 #define phys_to_machine_mapping ((unsigned long *)RO_MPT_VIRT_START)
+#define NR_P2M_TABLE_ENTRIES    ((unsigned long *)RO_MPT_VIRT_END \
+                                 - phys_to_machine_mapping)
 #define INVALID_MFN             (~0UL)
 #define VALID_MFN(_mfn)         (!((_mfn) & (1U<<31)))
 
@@ -280,7 +282,9 @@ static inline unsigned long get_mfn_from
 {
     unsigned long mfn;
 
-    if ( __copy_from_user(&mfn, &phys_to_machine_mapping[pfn], sizeof(mfn)) )
+    if ( unlikely(pfn >= NR_P2M_TABLE_ENTRIES) ||
+         unlikely(__copy_from_user(&mfn, &phys_to_machine_mapping[pfn],
+                                   sizeof(mfn))) )
        mfn = INVALID_MFN;
 
     return mfn;

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-changelog] Rename *GUEST_HANDLE to *XEN_GUEST_HANDLE., Xen patchbot -unstable
Next by Date:  [Xen-changelog] Wrap all GUEST_HANDLEs in structures, and define SET/GET macros to access them, Xen patchbot -unstable
Previous by Thread:  [Xen-changelog] Rename *GUEST_HANDLE to *XEN_GUEST_HANDLE., Xen patchbot -unstable
Next by Thread:  [Xen-changelog] Add bounds check to get_mfn_from_gpfn()., Xen patchbot -unstable
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy