diff options
author | Jan Beulich <jbeulich@suse.com> | 2012-10-04 10:37:19 +0200 |
---|---|---|
committer | Jan Beulich <jbeulich@suse.com> | 2012-10-04 10:37:19 +0200 |
commit | 234d3d022aa90bd6c597cb13f1f7b98c6c8f4c9c (patch) | |
tree | b4a34fefb056a0e85da795d8d1510938fb962fff | |
parent | 230b3538e81da4dd3260aa9209683bad59d1f7ec (diff) | |
download | xen-234d3d022aa90bd6c597cb13f1f7b98c6c8f4c9c.tar.gz xen-234d3d022aa90bd6c597cb13f1f7b98c6c8f4c9c.tar.bz2 xen-234d3d022aa90bd6c597cb13f1f7b98c6c8f4c9c.zip |
x86: properly check XEN_DOMCTL_ioport_mapping arguments for invalid range
In particular, the case of "np" being a very large value wasn't handled
correctly. The range start checks also were off by one (except that in
practice, when "np" is properly range checked, this would still have
been caught by the range end checks).
Also, is a GFN wrap in XEN_DOMCTL_memory_mapping really okay?
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
xen-unstable changeset: 25927:3e3959413b2f
xen-unstable date: Wed Sep 19 07:27:55 UTC 2012
-rw-r--r-- | xen/arch/x86/domctl.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c index 7e189d925b..ea4e08e21d 100644 --- a/xen/arch/x86/domctl.c +++ b/xen/arch/x86/domctl.c @@ -1015,7 +1015,7 @@ long arch_do_domctl( int found = 0; ret = -EINVAL; - if ( (np == 0) || (fgp > MAX_IOPORTS) || (fmp > MAX_IOPORTS) || + if ( ((fgp | fmp | (np - 1)) >= MAX_IOPORTS) || ((fgp + np) > MAX_IOPORTS) || ((fmp + np) > MAX_IOPORTS) ) { gdprintk(XENLOG_ERR, |