ia64/xen-unstable

changeset 14206:5dac445200e3

[XEN] Check that the cr3 mfn is valid before using it.

Signed-off-by: Christian Limpach <Christian.Limpach@xensource.com>
author Christian Limpach <Christian.Limpach@xensource.com>
date Thu Mar 01 17:27:31 2007 +0000 (2007-03-01)
parents 10eb93864df5
children 33d733c3649d
files xen/arch/x86/domain.c
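--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -630,10 +630,11 @@ int arch_set_info_guest(
         {
             cr3_pfn = gmfn_to_mfn(d, xen_cr3_to_pfn(c.nat->ctrlreg[3]));
 
-            if ( paging_mode_refcounts(d)
-                 ? !get_page(mfn_to_page(cr3_pfn), d)
-                 : !get_page_and_type(mfn_to_page(cr3_pfn), d,
-                                      PGT_base_page_table) )
+            if ( !mfn_valid(cr3_pfn) ||
+                 (paging_mode_refcounts(d)
+                  ? !get_page(mfn_to_page(cr3_pfn), d)
+                  : !get_page_and_type(mfn_to_page(cr3_pfn), d,
+                                       PGT_base_page_table)) )
             {
                 destroy_gdt(v);
                 return -EINVAL;
@@ -648,10 +649,11 @@ int arch_set_info_guest(
 
             cr3_pfn = gmfn_to_mfn(d, compat_cr3_to_pfn(c.cmp->ctrlreg[3]));
 
-            if ( paging_mode_refcounts(d)
-                 ? !get_page(mfn_to_page(cr3_pfn), d)
-                 : !get_page_and_type(mfn_to_page(cr3_pfn), d,
-                                    PGT_l3_page_table) )
+            if ( !mfn_valid(cr3_pfn) ||
+                 (paging_mode_refcounts(d)
+                  ? !get_page(mfn_to_page(cr3_pfn), d)
+                  : !get_page_and_type(mfn_to_page(cr3_pfn), d,
+                                       PGT_l3_page_table)) )
             {
                 destroy_gdt(v);
                 return -EINVAL;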