diff options
author | Andrew Cooper <andrew.cooper3@citrix.com> | 2011-12-05 19:42:46 +0000 |
---|---|---|
committer | Andrew Cooper <andrew.cooper3@citrix.com> | 2011-12-05 19:42:46 +0000 |
commit | 2043419cfc831be0153580990ae5f812984e8ec5 (patch) | |
tree | cb63bc54fc59e6a226384b7e3b79dee03bab8b02 /xen/common/kexec.c | |
parent | ab736eba59c572b692df1d81a1a7e63b366235c2 (diff) | |
download | xen-2043419cfc831be0153580990ae5f812984e8ec5.tar.gz xen-2043419cfc831be0153580990ae5f812984e8ec5.tar.bz2 xen-2043419cfc831be0153580990ae5f812984e8ec5.zip |
KEXEC: fix kexec_get_range_compat to fail vocally.
Fail with -ERANGE rather than silently truncating 64bit values (a
physical address and size) into 32bit integers for dom0 to consume.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Simplify the bitwise arithmetic a bit.
Signed-off-by: Keir Fraser <keir@xen.org>
Diffstat (limited to 'xen/common/kexec.c')
-rw-r--r-- | xen/common/kexec.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/xen/common/kexec.c b/xen/common/kexec.c index 1a3b52382d..e520348736 100644 --- a/xen/common/kexec.c +++ b/xen/common/kexec.c @@ -395,6 +395,10 @@ static int kexec_get_range_compat(XEN_GUEST_HANDLE(void) uarg) ret = kexec_get_range_internal(&range); + /* Dont silently truncate physical addresses or sizes. */ + if ( (range.start | range.size) & ~(unsigned long)(~0u) ) + return -ERANGE; + if ( ret == 0 ) { XLAT_kexec_range(&compat_range, &range); if ( unlikely(copy_to_guest(uarg, &compat_range, 1)) ) |