diff options
| -rw-r--r-- | xen/arch/x86/mm.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 52b4048909..06e47e5eea 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -2442,6 +2442,10 @@ long do_set_gdt(unsigned long *frame_list, unsigned int entries) unsigned long frames[16]; long ret; + /* Rechecked in set_gdt, but ensures a sane limit for copy_from_user(). */ + if ( entries > FIRST_RESERVED_GDT_ENTRY ) + return -EINVAL; + if ( copy_from_user(frames, frame_list, nr_pages * sizeof(unsigned long)) ) return -EFAULT; |