From: Andrew Cooper <andrew.cooper3@citrix.com>
Date: Wed, 7 Mar 2012 08:55:57 +0000 (+0000)
Subject: KEXEC: fix kexec_get_range_compat to fail vocally.
X-Git-Tag: 4.0.4-rc1~13
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=19035b2c6dde8f8a25259f238aa7eae041c9f1ba;p=xen.git

KEXEC: fix kexec_get_range_compat to fail vocally.

Fail with -ERANGE rather than silently truncating 64bit values (a
physical address and size) into 32bit integers for dom0 to consume.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Simplify the bitwise arithmetic a bit.

Signed-off-by: Keir Fraser <keir@xen.org>
xen-unstable changeset:   24358:9961a6d5356a
xen-unstable date:        Mon Dec 05 19:42:46 2011 +0000
---

diff --git a/xen/common/kexec.c b/xen/common/kexec.c
index d2d5fde321..a49eeacc95 100644
--- a/xen/common/kexec.c
+++ b/xen/common/kexec.c
@@ -295,6 +295,10 @@ static int kexec_get_range_compat(XEN_GUEST_HANDLE(void) uarg)
 
     ret = kexec_get_range_internal(&range);
 
+    /* Dont silently truncate physical addresses or sizes. */
+    if ( (range.start | range.size) & ~(unsigned long)(~0u) )
+        return -ERANGE;
+
     if ( ret == 0 ) {
         XLAT_kexec_range(&compat_range, &range);
         if ( unlikely(copy_to_guest(uarg, &compat_range, 1)) )