diff options
author | Andrew Cooper <andrew.cooper3@citrix.com> | 2012-03-07 08:55:57 +0000 |
---|---|---|
committer | Andrew Cooper <andrew.cooper3@citrix.com> | 2012-03-07 08:55:57 +0000 |
commit | 19035b2c6dde8f8a25259f238aa7eae041c9f1ba (patch) | |
tree | f259f320ef72bf57bfba4605600f38c9531dc375 | |
parent | a1c5825cbb732a4b2af183007cce1ca99019174b (diff) | |
download | xen-19035b2c6dde8f8a25259f238aa7eae041c9f1ba.tar.gz xen-19035b2c6dde8f8a25259f238aa7eae041c9f1ba.tar.bz2 xen-19035b2c6dde8f8a25259f238aa7eae041c9f1ba.zip |
KEXEC: fix kexec_get_range_compat to fail vocally.
Fail with -ERANGE rather than silently truncating 64bit values (a
physical address and size) into 32bit integers for dom0 to consume.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Simplify the bitwise arithmetic a bit.
Signed-off-by: Keir Fraser <keir@xen.org>
xen-unstable changeset: 24358:9961a6d5356a
xen-unstable date: Mon Dec 05 19:42:46 2011 +0000
-rw-r--r-- | xen/common/kexec.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/xen/common/kexec.c b/xen/common/kexec.c index d2d5fde321..a49eeacc95 100644 --- a/xen/common/kexec.c +++ b/xen/common/kexec.c @@ -295,6 +295,10 @@ static int kexec_get_range_compat(XEN_GUEST_HANDLE(void) uarg) ret = kexec_get_range_internal(&range); + /* Dont silently truncate physical addresses or sizes. */ + if ( (range.start | range.size) & ~(unsigned long)(~0u) ) + return -ERANGE; + if ( ret == 0 ) { XLAT_kexec_range(&compat_range, &range); if ( unlikely(copy_to_guest(uarg, &compat_range, 1)) ) |