tighten guest memory accesses

Failure should always be detected and handled. Signed-off-by: Jan Beulich <jbeulich@suse.com> Acked-by: Keir Fraser <keir@xen.org>
author: Jan Beulich <jbeulich@suse.com> 2012-12-06 14:20:15 +0100
committer: Jan Beulich <jbeulich@suse.com> 2012-12-06 14:20:15 +0100
commit: 519b2f205a6e85927816b66e1096d6802ee47f1b (patch)
tree: 9c050cb3dad6ad5d7051fe8459ad004acd8e7964 /xen/common/grant_table.c
parent: 8e4addea279da7430d80514828f49013979117e6 (diff)
download: xen-519b2f205a6e85927816b66e1096d6802ee47f1b.tar.gz
xen-519b2f205a6e85927816b66e1096d6802ee47f1b.tar.bz2
xen-519b2f205a6e85927816b66e1096d6802ee47f1b.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c
index 716a8ceee6..6b10b6686b 100644
--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -1347,6 +1347,9 @@ gnttab_setup_table(
         goto out1;
     }
 
+    if ( !guest_handle_okay(op.frame_list, op.nr_frames) )
+        return -EFAULT;
+
     d = gt_lock_target_domain_by_id(op.dom);
     if ( IS_ERR(d) )
     {
@@ -1384,7 +1387,8 @@ gnttab_setup_table(
         gmfn = gnttab_shared_gmfn(d, gt, i);
         /* Grant tables cannot be shared */
         BUG_ON(SHARED_M2P(gmfn));
-        (void)copy_to_guest_offset(op.frame_list, i, &gmfn, 1);
+        if ( __copy_to_guest_offset(op.frame_list, i, &gmfn, 1) )
+            op.status = GNTST_bad_virt_addr;
     }
 
  out3:
author	Jan Beulich <jbeulich@suse.com>	2012-12-06 14:20:15 +0100
committer	Jan Beulich <jbeulich@suse.com>	2012-12-06 14:20:15 +0100
commit	519b2f205a6e85927816b66e1096d6802ee47f1b (patch)
tree	9c050cb3dad6ad5d7051fe8459ad004acd8e7964 /xen/common/grant_table.c
parent	8e4addea279da7430d80514828f49013979117e6 (diff)
download	xen-519b2f205a6e85927816b66e1096d6802ee47f1b.tar.gz xen-519b2f205a6e85927816b66e1096d6802ee47f1b.tar.bz2 xen-519b2f205a6e85927816b66e1096d6802ee47f1b.zip