ia64/xen-unstable

changeset 11328:9956c3a3bd84

[XEN] Off-by one error in range checks translating gfns to mfns
Signed-off-by: Tim Deegan <Tim.Deegan@xensource.com>
author tdeegan@york.uk.xensource.com
date Tue Aug 29 09:37:30 2006 +0100 (2006-08-29)
parents 2097de87c920
children a926e72e0491
files xen/arch/x86/mm/shadow/common.c xen/arch/x86/mm/shadow/private.h xen/include/asm-x86/mm.h
line diff
     1.1 --- a/xen/arch/x86/mm/shadow/common.c	Mon Aug 28 17:50:21 2006 +0100
     1.2 +++ b/xen/arch/x86/mm/shadow/common.c	Tue Aug 29 09:37:30 2006 +0100
     1.3 @@ -1121,7 +1121,7 @@ sh_gfn_to_mfn_foreign(struct domain *d, 
     1.4  
     1.5  
     1.6  #if CONFIG_PAGING_LEVELS > 2
     1.7 -    if ( gpfn > (RO_MPT_VIRT_END - RO_MPT_VIRT_START) / sizeof(l1_pgentry_t) ) 
     1.8 +    if ( gpfn >= (RO_MPT_VIRT_END-RO_MPT_VIRT_START) / sizeof(l1_pgentry_t) ) 
     1.9          /* This pfn is higher than the p2m map can hold */
    1.10          return _mfn(INVALID_MFN);
    1.11  #endif
     2.1 --- a/xen/arch/x86/mm/shadow/private.h	Mon Aug 28 17:50:21 2006 +0100
     2.2 +++ b/xen/arch/x86/mm/shadow/private.h	Tue Aug 29 09:37:30 2006 +0100
     2.3 @@ -555,7 +555,7 @@ vcpu_gfn_to_mfn_nofault(struct vcpu *v, 
     2.4          return _mfn(gfn);
     2.5  
     2.6  #if CONFIG_PAGING_LEVELS > 2
     2.7 -    if ( gfn > (RO_MPT_VIRT_END - RO_MPT_VIRT_START) / sizeof(l1_pgentry_t) ) 
     2.8 +    if ( gfn >= (RO_MPT_VIRT_END - RO_MPT_VIRT_START) / sizeof(l1_pgentry_t) ) 
     2.9          /* This pfn is higher than the p2m map can hold */
    2.10          return _mfn(INVALID_MFN);
    2.11  #endif
     3.1 --- a/xen/include/asm-x86/mm.h	Mon Aug 28 17:50:21 2006 +0100
     3.2 +++ b/xen/include/asm-x86/mm.h	Tue Aug 29 09:37:30 2006 +0100
     3.3 @@ -368,7 +368,7 @@ static inline unsigned long get_mfn_from
     3.4      int ret;
     3.5  
     3.6  #if CONFIG_PAGING_LEVELS > 2
     3.7 -    if ( pfn > (RO_MPT_VIRT_END - RO_MPT_VIRT_START) / sizeof (l1_pgentry_t) ) 
     3.8 +    if ( pfn >= (RO_MPT_VIRT_END - RO_MPT_VIRT_START) / sizeof(l1_pgentry_t) ) 
     3.9          /* This pfn is higher than the p2m map can hold */
    3.10          return INVALID_MFN;
    3.11  #endif