
[xen-unstable] x86: Sanitise the MFN passed to mod_l1_entry().
# HG changeset patch
# User kfraser@localhost.localdomain
# Date 1180105596 -3600
# Node ID a00d55b15327d0e3cece3a6b57c37d63535cb17b
# Parent 88e41a91301c109b99443db3a4bf3c8e6bbad042
x86: Sanitise the MFN passed to mod_l1_entry().
Signed-off-by: Keir Fraser <keir@xensource.com>
---
xen/arch/x86/mm.c | 8 ++++++--
1 files changed, 6 insertions(+), 2 deletions(-)

diff -r 88e41a91301c -r a00d55b15327 xen/arch/x86/mm.c
--- a/xen/arch/x86/mm.c Fri May 25 15:28:52 2007 +0100
+++ b/xen/arch/x86/mm.c Fri May 25 16:06:36 2007 +0100
@@ -1326,6 +1326,7 @@ static int mod_l1_entry(l1_pgentry_t *pl
{
l1_pgentry_t ol1e;
struct domain *d = current->domain;
+ unsigned long mfn;

if ( unlikely(__copy_from_user(&ol1e, pl1e, sizeof(ol1e)) != 0) )
return 0;
@@ -1336,8 +1337,11 @@ static int mod_l1_entry(l1_pgentry_t *pl
if ( l1e_get_flags(nl1e) & _PAGE_PRESENT )
{
/* Translate foreign guest addresses. */
- nl1e = l1e_from_pfn(gmfn_to_mfn(FOREIGNDOM, l1e_get_pfn(nl1e)),
- l1e_get_flags(nl1e));
+ mfn = gmfn_to_mfn(FOREIGNDOM, l1e_get_pfn(nl1e));
+ if ( unlikely(mfn == INVALID_MFN) )
+ return 0;
+ ASSERT((mfn & ~(PADDR_MASK >> PAGE_SHIFT)) == 0);
+ nl1e = l1e_from_pfn(mfn, l1e_get_flags(nl1e));

if ( unlikely(l1e_get_flags(nl1e) & L1_DISALLOW_MASK) )
{
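Review bot: The range invariant on the translated frame number, `ASSERT((mfn & ~(PADDR_MASK >> PAGE_SHIFT)) == 0);`, is only enforced in debug builds if ASSERT is compiled out of release builds, as is usual for Xen. In that case the only runtime rejection is the `mfn == INVALID_MFN` comparison. If gmfn_to_mfn() can return any other out-of-range value for a guest-supplied frame number (not determinable from this hunk), its high bits would reach l1e_from_pfn() unchecked. Consider folding the mask test into the runtime guard, `if ( unlikely(mfn == INVALID_MFN) || unlikely(mfn & ~(PADDR_MASK >> PAGE_SHIFT)) ) return 0;`, or add a comment above the ASSERT saying which property of gmfn_to_mfn() guarantees the invariant. The body of mod_l1_entry() starts before this hunk and continues after it, so later validation of nl1e is not visible here.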
