From: Jan Beulich <jbeulich@suse.com>
Date: Tue, 4 Dec 2012 18:38:31 +0000 (+0000)
Subject: x86: get_page_from_gfn() must return NULL for invalid GFNs
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=e662eca49cf7c6ab16f874331b6893649b5cfee7;p=people%2Faperard%2Fxen-arm.git

x86: get_page_from_gfn() must return NULL for invalid GFNs

... also in the non-translated case.

This is XSA-32 / CVE-2012-xxxx.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Tim Deegan <tim@xen.org>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
---

diff --git a/xen/include/asm-x86/p2m.h b/xen/include/asm-x86/p2m.h
index 28be4e864d..907a817353 100644
--- a/xen/include/asm-x86/p2m.h
+++ b/xen/include/asm-x86/p2m.h
@@ -384,7 +384,7 @@ static inline struct page_info *get_page_from_gfn(
     if (t)
         *t = p2m_ram_rw;
     page = __mfn_to_page(gfn);
-    return get_page(page, d) ? page : NULL;
+    return mfn_valid(gfn) && get_page(page, d) ? page : NULL;
 }