ia64/xen-unstable

changeset 12223:002856e70ca1

[XEN] Better parameter checking for grant table copy operation.

Signed-off-by: Steven Smith <sos22@cam.ac.uk>
author Steven Smith <ssmith@xensource.com>
date Thu Nov 02 13:20:32 2006 +0000 (2006-11-02)
parents 36d020268c6c
children 722cc2390021
files xen/common/grant_table.c
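--- a/xen/common/grant_table.c	Thu Nov 02 11:56:26 2006 +0000
+++ b/xen/common/grant_table.c	Thu Nov 02 13:20:32 2006 +0000
@@ -724,10 +724,6 @@ static void
 {
     grant_entry_t *const sha = &rd->grant_table->shared[gref];
     struct active_grant_entry *const act = &rd->grant_table->active[gref];
-    const unsigned long r_frame = act->frame;
-
-    if ( !readonly )
-        gnttab_mark_dirty(rd, r_frame);
 
     spin_lock(&rd->grant_table->lock);
 
@@ -750,7 +746,8 @@ static void
 
 /* Grab a frame number from a grant entry and update the flags and pin
    count as appropriate.  Note that this does *not* update the page
-   type or reference counts. */
+   type or reference counts, and does not check that the mfn is
+   actually valid. */
 static int
 __acquire_grant_for_copy(
     struct domain *rd, unsigned long gref, int readonly,
@@ -892,6 +889,9 @@ static void
     {
         s_frame = gmfn_to_mfn(sd, op->source.u.gmfn);
     }
+    if ( unlikely(!mfn_valid(s_frame)) )
+        PIN_FAIL(error_out, GNTST_general_error,
+                 "source frame %lx invalid.\n", s_frame);
     if ( !get_page(mfn_to_page(s_frame), sd) )
         PIN_FAIL(error_out, GNTST_general_error,
                  "could not get source frame %lx.\n", s_frame);
@@ -906,8 +906,11 @@ static void
     }
     else
     {
-        d_frame = gmfn_to_mfn(sd, op->dest.u.gmfn);
+        d_frame = gmfn_to_mfn(dd, op->dest.u.gmfn);
     }
+    if ( unlikely(!mfn_valid(d_frame)) )
+        PIN_FAIL(error_out, GNTST_general_error,
+                 "destination frame %lx invalid.\n", d_frame);
     if ( !get_page_and_type(mfn_to_page(d_frame), dd, PGT_writable_page) )
         PIN_FAIL(error_out, GNTST_general_error,
                  "could not get destination frame %lx.\n", d_frame);
@@ -920,6 +923,8 @@ static void
     unmap_domain_page(dp);
     unmap_domain_page(sp);
 
+    gnttab_mark_dirty(dd, d_frame);
+
     put_page_and_type(mfn_to_page(d_frame));
  error_out:
     if ( have_s_ref )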
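Review bot: The two new `mfn_valid()` checks (source frame in the `-892` hunk, destination frame in the `-906` hunk) sit after the if/else, so they are also reached on the branch whose `else` is not shown, which is presumably the grant-reference path where `__acquire_grant_for_copy` has already updated the entry's flags and pin count. Only the first line of `error_out` is visible here and the enclosing function starts and ends outside these hunks, so please confirm that the failure path releases that grant when the frame turns out to be invalid; otherwise the pin count would stay raised on an entry that was never copied. A short comment above each check would record why it lives here, e.g. `/* __acquire_grant_for_copy() does not validate the mfn; check before mfn_to_page(). */`. The `sd` to `dd` correction in the destination `gmfn_to_mfn()` call changes which domain's translation is used and is a fix in its own right, so it deserves a line in the commit message alongside "better parameter checking".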