direct-io.hg

changeset 11433:1de184deaa9c

[XEN] gnttab: Initialise maptrack->flags

__gnttab_unmap_grant_ref verifies the validity of the handle by
checking it against maptrack_limit and making sure that the flags
field at the given handle is non-zero.

This means that the flags of an unused handle should be zero in
order to prevent unused handles from getting past this check.

However, we don't seem to set it to zero to begin with when we
allocate the maptrack table. This could potentially lead to the
corruption of the other domain's internal state, and/or the hypervisor's
internal state.

This patch makes sure that it is zeroed.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author ssmith@weybridge.uk.xensource.com
date Wed Sep 06 13:16:02 2006 +0100 (2006-09-06)
parents 780409e8f0ba
children 8013b84df1ac
files xen/common/grant_table.c
line diff
     1.1 --- a/xen/common/grant_table.c	Wed Sep 06 11:42:29 2006 +0100
     1.2 +++ b/xen/common/grant_table.c	Wed Sep 06 13:16:02 2006 +0100
     1.3 @@ -156,7 +156,10 @@ static void
     1.4  
     1.5          memcpy(new_mt, lgt->maptrack, PAGE_SIZE << lgt->maptrack_order);
     1.6          for ( i = lgt->maptrack_limit; i < (lgt->maptrack_limit << 1); i++ )
     1.7 +        {
     1.8              new_mt[i].ref = i+1;
     1.9 +            new_mt[i].flags = 0;
    1.10 +        }
    1.11  
    1.12          free_xenheap_pages(lgt->maptrack, lgt->maptrack_order);
    1.13          lgt->maptrack          = new_mt;
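
Review bot: The added `new_mt[i].flags = 0;` only covers the entries appended when the table is doubled, that is indices `lgt->maptrack_limit` up to `(lgt->maptrack_limit << 1) - 1`. The commit message describes the missing zeroing as a problem when the maptrack table is allocated, so the initial allocation path, which this hunk does not show, should be checked for the same initialisation. Because the unmap check described in the message treats a zero `flags` field as "handle unused", a one-line comment next to the assignment stating that invariant would keep a later cleanup from removing it. A single memset over the new upper half of `new_mt` before the loop would be an alternative that also clears any other fields of the new entries.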