WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-changelog

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-changelog] Add bounds check to get_mfn_from_gpfn().

from [Xen patchbot -unstable] [Permanent Link][Original]
To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] Add bounds check to get_mfn_from_gpfn().
From: Xen patchbot -unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 27 Apr 2006 21:34:11 +0000
Delivery-date: Thu, 27 Apr 2006 14:35:31 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx 
# HG changeset patch
# User kaf24@xxxxxxxxxxxxxxxxxxxx
# Node ID 4e909143218cfc4477b3acf3a4c5a99d60ce4b2e
# Parent  15788ab9fce254079bb449a62a8c859609ac30b3
Add bounds check to get_mfn_from_gpfn().
From: Jan Beulich
Signed-off-by: Keir Fraser <keir@xxxxxxxxxxxxx>

diff -r 15788ab9fce2 -r 4e909143218c xen/include/asm-x86/mm.h
--- a/xen/include/asm-x86/mm.h  Thu Apr 27 14:06:41 2006 +0100
+++ b/xen/include/asm-x86/mm.h  Thu Apr 27 14:13:42 2006 +0100
@@ -274,6 +274,8 @@ int check_descriptor(struct desc_struct 
  * been used by the read-only MPT map.
  */
 #define phys_to_machine_mapping ((unsigned long *)RO_MPT_VIRT_START)
+#define NR_P2M_TABLE_ENTRIES    ((unsigned long *)RO_MPT_VIRT_END \
+                                 - phys_to_machine_mapping)
 #define INVALID_MFN             (~0UL)
 #define VALID_MFN(_mfn)         (!((_mfn) & (1U<<31)))
 
@@ -282,7 +284,9 @@ static inline unsigned long get_mfn_from
 {
     unsigned long mfn;
 
-    if ( __copy_from_user(&mfn, &phys_to_machine_mapping[pfn], sizeof(mfn)) )
+    if ( unlikely(pfn >= NR_P2M_TABLE_ENTRIES) ||
+         unlikely(__copy_from_user(&mfn, &phys_to_machine_mapping[pfn],
+                                   sizeof(mfn))) )
        mfn = INVALID_MFN;
 
     return mfn;

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-changelog] Define __XEN_TOOLS__ when building tools. Use this to, Xen patchbot -unstable
Next by Date:  [Xen-changelog] Add BUILD_BUG_ON() and a handful of users., Xen patchbot -unstable
Previous by Thread:  [Xen-changelog] Add bounds check to get_mfn_from_gpfn()., Xen patchbot -3 . 0-testing
Next by Thread:  [Xen-changelog] Wrap all GUEST_HANDLEs in structures, and define SET/GET macros to access them, Xen patchbot -unstable
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy