diff options
| author | Jan Beulich <jbeulich@suse.com> | 2013-03-12 16:13:54 +0100 |
|---|---|---|
| committer | Jan Beulich <jbeulich@suse.com> | 2013-03-12 16:13:54 +0100 |
| commit | 957c5525c67c392bf529aff680f9a166389749ee (patch) | |
| tree | bf268ef9cb19a0a2c3b85cb861fe47ee022e1ea4 | |
| parent | 79f0ba3e7dc6176fc44dad5093f981f9a230ac9e (diff) | |
| download | xen-957c5525c67c392bf529aff680f9a166389749ee.tar.gz xen-957c5525c67c392bf529aff680f9a166389749ee.tar.bz2 xen-957c5525c67c392bf529aff680f9a166389749ee.zip | |
x86: make certain memory sub-ops return valid values
When a domain's shared info field "max_pfn" is zero,
domain_get_maximum_gpfn() so far returned ULONG_MAX, which
do_memory_op() in turn converted to -1 (i.e. -EPERM). Make the former
always return a sensible number (i.e. zero if the field was zero) and
have the latter no longer truncate return values.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Tim Deegan <tim@xen.org>
master changeset: 7ffc9779aa5120c5098d938cb88f69a1dda9a0fe
master date: 2013-03-04 10:16:04 +0100
| -rw-r--r-- | xen/arch/x86/mm.c | 2 | ||||
| -rw-r--r-- | xen/common/compat/memory.c | 11 | ||||
| -rw-r--r-- | xen/common/memory.c | 5 |
3 files changed, 12 insertions, 6 deletions
diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index fb0798f010..1aeacbd299 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -433,7 +433,7 @@ unsigned long domain_get_maximum_gpfn(struct domain *d) if ( is_hvm_domain(d) ) return p2m_get_hostp2m(d)->max_mapped_pfn; /* NB. PV guests specify nr_pfns rather than max_pfn so we adjust here. */ - return arch_get_max_pfn(d) - 1; + return (arch_get_max_pfn(d) ?: 1) - 1; } void share_xen_page_with_guest( diff --git a/xen/common/compat/memory.c b/xen/common/compat/memory.c index 1f94d4f9c3..2355cb9762 100644 --- a/xen/common/compat/memory.c +++ b/xen/common/compat/memory.c @@ -15,7 +15,8 @@ CHECK_TYPE(domid); int compat_memory_op(unsigned int cmd, XEN_GUEST_HANDLE(void) compat) { - int rc, split, op = cmd & MEMOP_CMD_MASK; + int split, op = cmd & MEMOP_CMD_MASK; + long rc; unsigned int start_extent = cmd >> MEMOP_EXTENT_SHIFT; do @@ -204,7 +205,7 @@ int compat_memory_op(unsigned int cmd, XEN_GUEST_HANDLE(void) compat) rc = do_memory_op(cmd, nat.hnd); if ( rc < 0 ) - return rc; + break; cmd = 0; if ( hypercall_xlat_continuation(&cmd, 0x02, nat.hnd, compat) ) @@ -318,5 +319,11 @@ int compat_memory_op(unsigned int cmd, XEN_GUEST_HANDLE(void) compat) __HYPERVISOR_memory_op, "ih", cmd, compat); } while ( split > 0 ); + if ( unlikely(rc > INT_MAX) ) + return INT_MAX; + + if ( unlikely(rc < INT_MIN) ) + return INT_MIN; + return rc; } diff --git a/xen/common/memory.c b/xen/common/memory.c index 0cb65ae144..a515d1dcaf 100644 --- a/xen/common/memory.c +++ b/xen/common/memory.c @@ -532,14 +532,13 @@ static long memory_exchange(XEN_GUEST_HANDLE(xen_memory_exchange_t) arg) long do_memory_op(unsigned long cmd, XEN_GUEST_HANDLE(void) arg) { struct domain *d; - int rc, op; + long rc; unsigned int address_bits; unsigned long start_extent; struct xen_memory_reservation reservation; struct memop_args args; domid_t domid; - - op = cmd & MEMOP_CMD_MASK; + int op = cmd & MEMOP_CMD_MASK; switch ( op ) { |