ia64/xen-unstable

changeset 15229:a00d55b15327

x86: Sanitise the MFN passed to mod_l1_entry().
Signed-off-by: Keir Fraser <keir@xensource.com>
author kfraser@localhost.localdomain
date Fri May 25 16:06:36 2007 +0100 (2007-05-25)
parents 88e41a91301c
children c49987e71dae
files xen/arch/x86/mm.c
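--- a/xen/arch/x86/mm.c	Fri May 25 15:28:52 2007 +0100
+++ b/xen/arch/x86/mm.c	Fri May 25 16:06:36 2007 +0100
@@ -1326,6 +1326,7 @@ static int mod_l1_entry(l1_pgentry_t *pl
 {
     l1_pgentry_t ol1e;
     struct domain *d = current->domain;
+    unsigned long mfn;
 
     if ( unlikely(__copy_from_user(&ol1e, pl1e, sizeof(ol1e)) != 0) )
         return 0;
@@ -1336,8 +1337,11 @@ static int mod_l1_entry(l1_pgentry_t *pl
     if ( l1e_get_flags(nl1e) & _PAGE_PRESENT )
     {
         /* Translate foreign guest addresses. */
-        nl1e = l1e_from_pfn(gmfn_to_mfn(FOREIGNDOM, l1e_get_pfn(nl1e)),
-                            l1e_get_flags(nl1e));
+        mfn = gmfn_to_mfn(FOREIGNDOM, l1e_get_pfn(nl1e));
+        if ( unlikely(mfn == INVALID_MFN) )
+            return 0;
+        ASSERT((mfn & ~(PADDR_MASK >> PAGE_SHIFT)) == 0);
+        nl1e = l1e_from_pfn(mfn, l1e_get_flags(nl1e));
 
         if ( unlikely(l1e_get_flags(nl1e) & L1_DISALLOW_MASK) )
         {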
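Review bot: The range check on `mfn` in the second hunk is an `ASSERT`, which Xen compiles out of non-debug builds, so release builds reject only the exact `INVALID_MFN` sentinel before `l1e_from_pfn()` builds the new entry. Whether `gmfn_to_mfn()` can return any other out-of-range value for a guest-supplied frame number is not visible here; if it can, the stray high bits would end up in the PTE instead of being caught, so consider making the check unconditional: `if ( unlikely(mfn == INVALID_MFN) || unlikely(mfn & ~(PADDR_MASK >> PAGE_SHIFT)) ) return 0;`. A short comment above the test, for example `/* An untranslatable frame must not reach l1e_from_pfn(): its bits would land outside the PTE address field. */`, would record why the sentinel has to be rejected at this point. The body of mod_l1_entry() continues past the end of the hunk, so the later validation of `nl1e` could not be checked from here.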