From: Jan Beulich <jbeulich@suse.com>
Date: Mon, 21 Aug 2017 13:58:12 +0000 (+0200)
Subject: gnttab: fix "don't use possibly unbounded tail calls"
X-Git-Tag: RELEASE-4.8.2~12
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=236263f4593d2ddfc7426726e86edc1f671ceb76;p=xen.git

gnttab: fix "don't use possibly unbounded tail calls"

The compat mode code also needs adjustment to deal with the changed
return value from gnttab_copy().

This is part of XSA-226.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
master commit: ca617570542e1d7d8de636d5396959bbf1dabab7
master date: 2017-08-21 15:43:36 +0200
---

diff --git a/xen/common/compat/grant_table.c b/xen/common/compat/grant_table.c
index f8c60a1bdf..cce3ff0b9a 100644
--- a/xen/common/compat/grant_table.c
+++ b/xen/common/compat/grant_table.c
@@ -258,9 +258,9 @@ int compat_grant_table_op(unsigned int cmd,
                 rc = gnttab_copy(guest_handle_cast(nat.uop, gnttab_copy_t), n);
             if ( rc > 0 )
             {
-                ASSERT(rc < n);
-                i -= n - rc;
-                n = rc;
+                ASSERT(rc <= n);
+                i -= rc;
+                n -= rc;
             }
             if ( rc >= 0 )
             {