xen/arm: add_to_physmap_one: Avoid to map mfn 0 if an error occurs

By default, the function add_to_physmap_one set mfn to 0. Some code paths that
result to an error, continue and the map the mfn 0 (valid on ARM) to the
slot given by the guest.

To fix the problem, return directly an error if sanity check has failed.

Signed-off-by: Julien Grall <julien.grall@linaro.org>
Acked-by: Tim Deegan <tim@xen.org>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>

diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c
index 474dfef9db7c196586bc0c6c834ba3c60c20f6dc..eaeb0c389b68c0bb25e018f678d235bdcd29c166 100644 (file)
--- a/xen/arch/arm/mm.c
+++ b/xen/arch/arm/mm.c
@@ -981,6 +981,8 @@ static int xenmem_add_to_physmap_one(
             idx &= ~XENMAPIDX_grant_table_status;
             if ( idx < nr_status_frames(d->grant_table) )
                 mfn = virt_to_mfn(d->grant_table->status[idx]);
+            else
+                return -EINVAL;
         }
         else
         {
@@ -990,6 +992,8 @@ static int xenmem_add_to_physmap_one(
 
             if ( idx < nr_grant_frames(d->grant_table) )
                 mfn = virt_to_mfn(d->grant_table->shared_raw[idx]);
+            else
+                return -EINVAL;
         }
         
         d->arch.grant_table_gpfn[idx] = gpfn;
@@ -999,6 +1003,8 @@ static int xenmem_add_to_physmap_one(
     case XENMAPSPACE_shared_info:
         if ( idx == 0 )
             mfn = virt_to_mfn(d->shared_info);
+        else
+            return -EINVAL;
         break;
     case XENMAPSPACE_gmfn_foreign:
     {