diff options
| author | kfraser@localhost.localdomain <kfraser@localhost.localdomain> | 2007-05-25 16:06:36 +0100 |
|---|---|---|
| committer | kfraser@localhost.localdomain <kfraser@localhost.localdomain> | 2007-05-25 16:06:36 +0100 |
| commit | d26ddf539c53b2626aea408ad2dad8f284cf3b55 (patch) | |
| tree | 3d0e282623c12baeff4325859af1768af544dff5 | |
| parent | cf71bfc68ecd9430354cce668836537458fa44a0 (diff) | |
| download | xen-d26ddf539c53b2626aea408ad2dad8f284cf3b55.tar.gz xen-d26ddf539c53b2626aea408ad2dad8f284cf3b55.tar.bz2 xen-d26ddf539c53b2626aea408ad2dad8f284cf3b55.zip | |
x86: Sanitise the MFN passed to mod_l1_entry().
Signed-off-by: Keir Fraser <keir@xensource.com>
| -rw-r--r-- | xen/arch/x86/mm.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 170b023807..863245aae3 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -1326,6 +1326,7 @@ static int mod_l1_entry(l1_pgentry_t *pl1e, l1_pgentry_t nl1e, { l1_pgentry_t ol1e; struct domain *d = current->domain; + unsigned long mfn; if ( unlikely(__copy_from_user(&ol1e, pl1e, sizeof(ol1e)) != 0) ) return 0; @@ -1336,8 +1337,11 @@ static int mod_l1_entry(l1_pgentry_t *pl1e, l1_pgentry_t nl1e, if ( l1e_get_flags(nl1e) & _PAGE_PRESENT ) { /* Translate foreign guest addresses. */ - nl1e = l1e_from_pfn(gmfn_to_mfn(FOREIGNDOM, l1e_get_pfn(nl1e)), - l1e_get_flags(nl1e)); + mfn = gmfn_to_mfn(FOREIGNDOM, l1e_get_pfn(nl1e)); + if ( unlikely(mfn == INVALID_MFN) ) + return 0; + ASSERT((mfn & ~(PADDR_MASK >> PAGE_SHIFT)) == 0); + nl1e = l1e_from_pfn(mfn, l1e_get_flags(nl1e)); if ( unlikely(l1e_get_flags(nl1e) & L1_DISALLOW_MASK) ) { |