aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJan Beulich <jbeulich@suse.com>2012-10-04 10:37:19 +0200
committerJan Beulich <jbeulich@suse.com>2012-10-04 10:37:19 +0200
commit234d3d022aa90bd6c597cb13f1f7b98c6c8f4c9c (patch)
treeb4a34fefb056a0e85da795d8d1510938fb962fff
parent230b3538e81da4dd3260aa9209683bad59d1f7ec (diff)
downloadxen-234d3d022aa90bd6c597cb13f1f7b98c6c8f4c9c.tar.gz
xen-234d3d022aa90bd6c597cb13f1f7b98c6c8f4c9c.tar.bz2
xen-234d3d022aa90bd6c597cb13f1f7b98c6c8f4c9c.zip
x86: properly check XEN_DOMCTL_ioport_mapping arguments for invalid range
In particular, the case of "np" being a very large value wasn't handled correctly. The range start checks also were off by one (except that in practice, when "np" is properly range checked, this would still have been caught by the range end checks). Also, is a GFN wrap in XEN_DOMCTL_memory_mapping really okay? Signed-off-by: Jan Beulich <jbeulich@suse.com> Acked-by: Keir Fraser <keir@xen.org> xen-unstable changeset: 25927:3e3959413b2f xen-unstable date: Wed Sep 19 07:27:55 UTC 2012
Diffstat
-rw-r--r--xen/arch/x86/domctl.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index 7e189d925b..ea4e08e21d 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -1015,7 +1015,7 @@ long arch_do_domctl(
int found = 0;
ret = -EINVAL;
- if ( (np == 0) || (fgp > MAX_IOPORTS) || (fmp > MAX_IOPORTS) ||
+ if ( ((fgp | fmp | (np - 1)) >= MAX_IOPORTS) ||
((fgp + np) > MAX_IOPORTS) || ((fmp + np) > MAX_IOPORTS) )
{
gdprintk(XENLOG_ERR,
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-12 08:32:11 +0000