
changeset 10297:8c64169a05d3

[TOOLS] Fix domain builder to carefully check that mapped memory area
does not overflow and wrap to zero.
Signed-off-by: Keir Fraser <keir@xensource.com>
author kaf24@firebug.cl.cam.ac.uk
date Thu Jun 08 09:52:04 2006 +0100 (2006-06-08)
parents 06569f1a4681
children 6fb0d5ad63d7
files tools/libxc/xc_linux_build.c
     1.1 --- a/tools/libxc/xc_linux_build.c	Wed Jun 07 15:51:56 2006 +0100
     1.2 +++ b/tools/libxc/xc_linux_build.c	Thu Jun 08 09:52:04 2006 +0100
     1.3 @@ -608,6 +608,16 @@ static int compat_check(int xc_handle, s
     1.4      return 1;
     1.5  }
     1.6  
     1.7 +static inline int increment_ulong(unsigned long *pval, unsigned long inc)
     1.8 +{
     1.9 +    if ( inc >= -*pval )
    1.10 +    {
    1.11 +        ERROR("Value wrapped to zero: image too large?");
    1.12 +        return 0;
    1.13 +    }
    1.14 +    *pval += inc;
    1.15 +    return 1;
    1.16 +}
    1.17  
    1.18  static int setup_guest(int xc_handle,
    1.19                         uint32_t dom,
    1.20 @@ -709,30 +719,59 @@ static int setup_guest(int xc_handle,
    1.21       * which we solve by exhaustive search.
    1.22       */
    1.23      v_end = round_pgup(dsi.v_end);
    1.24 +    if ( v_end == 0 )
    1.25 +    {
    1.26 +        ERROR("End of mapped kernel image too close to end of memory");
    1.27 +        goto error_out;
    1.28 +    }
    1.29      vinitrd_start = v_end;
    1.30 -    v_end += round_pgup(initrd->len);
    1.31 +    if ( !increment_ulong(&v_end, round_pgup(initrd->len)) )
    1.32 +        goto error_out;
    1.33      vphysmap_start = v_end;
    1.34 -    v_end += round_pgup(nr_pages * sizeof(unsigned long));
    1.35 +    if ( !increment_ulong(&v_end, round_pgup(nr_pages * sizeof(long))) )
    1.36 +        goto error_out;
    1.37      vstartinfo_start = v_end;
    1.38 -    v_end += PAGE_SIZE;
    1.39 +    if ( !increment_ulong(&v_end, PAGE_SIZE) )
    1.40 +        goto error_out;
    1.41      vstoreinfo_start = v_end;
    1.42 -    v_end += PAGE_SIZE;
    1.43 +    if ( !increment_ulong(&v_end, PAGE_SIZE) )
    1.44 +        goto error_out;
    1.45      vconsole_start = v_end;
    1.46 -    v_end += PAGE_SIZE;
    1.47 +    if ( !increment_ulong(&v_end, PAGE_SIZE) )
    1.48 +        goto error_out;
    1.49      if ( shadow_mode_enabled ) {
    1.50          vsharedinfo_start = v_end;
    1.51 -        v_end += PAGE_SIZE;
    1.52 +        if ( !increment_ulong(&v_end, PAGE_SIZE) )
    1.53 +            goto error_out;
    1.54      }
    1.55      vpt_start = v_end;
    1.56  
    1.57      for ( nr_pt_pages = 2; ; nr_pt_pages++ )
    1.58      {
    1.59 -        vpt_end          = vpt_start + (nr_pt_pages * PAGE_SIZE);
    1.60 -        vstack_start     = vpt_end;
    1.61 -        vstack_end       = vstack_start + PAGE_SIZE;
    1.62 -        v_end            = (vstack_end + (1UL<<22)-1) & ~((1UL<<22)-1);
    1.63 +        /* vpt_end = vpt_staret + (nr_pt_pages * PAGE_SIZE); */
    1.64 +        vpt_end = vpt_start;
    1.65 +        if ( !increment_ulong(&vpt_end, nr_pt_pages * PAGE_SIZE) )
    1.66 +            goto error_out;
    1.67 +
    1.68 +        vstack_start = vpt_end;
    1.69 +        /* vstack_end = vstack_start + PAGE_SIZE; */
    1.70 +        vstack_end = vstack_start;
    1.71 +        if ( !increment_ulong(&vstack_end, PAGE_SIZE) )
    1.72 +            goto error_out;
    1.73 +
    1.74 +        /* v_end = (vstack_end + (1UL<<22)-1) & ~((1UL<<22)-1); */
    1.75 +        v_end = vstack_end;
    1.76 +        if ( !increment_ulong(&v_end, (1UL<<22)-1) )
    1.77 +            goto error_out;
    1.78 +        v_end &= ~((1UL<<22)-1);
    1.79 +
    1.80          if ( (v_end - vstack_end) < (512UL << 10) )
    1.81 -            v_end += 1UL << 22; /* Add extra 4MB to get >= 512kB padding. */
    1.82 +        {
    1.83 +            /* Add extra 4MB to get >= 512kB padding. */
    1.84 +            if ( !increment_ulong(&v_end, 1UL << 22) )
    1.85 +                goto error_out;
    1.86 +        }
    1.87 +
    1.88  #define NR(_l,_h,_s) \
    1.89      (((((_h) + ((1UL<<(_s))-1)) & ~((1UL<<(_s))-1)) - \
    1.90      ((_l) & ~((1UL<<(_s))-1))) >> (_s))