x86/xlat: fix UB pointer arithmetic in COMPAT_ARG_XLAT_VIRT_BASE
UBSAN complains with:

UBSAN: Undefined behaviour in common/compat/memory.c:90:9
pointer operation overflowed ffff820080000000 to 0000020080000000
[...]
Xen call trace:
   [<ffff82d040303782>] R common/ubsan/ubsan.c#ubsan_epilogue+0xa/0xc0
   [<ffff82d040304bc3>] F __ubsan_handle_pointer_overflow+0xcb/0x100
   [<ffff82d0402a6259>] F compat_memory_op+0xf1/0x4d20
   [<ffff82d04041532d>] F hvm_memory_op+0x55/0xe0
   [<ffff82d040416150>] F hvm_hypercall+0xae8/0x21b0
   [<ffff82d0403b24ca>] F svm_vmexit_handler+0x1252/0x2450
   [<ffff82d0402049c0>] F svm_stgi_label+0x5/0x15

Adjust the calculations in COMPAT_ARG_XLAT_VIRT_BASE to subtract from the
per-domain area to obtain the mirrored linear address in the 4th slot,
instead of overflowing the per-domain linear address.
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
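
The arithmetic described in the commit message, modelled with 64-bit integers as an added example (not code from the Xen tree or from this commit). The two addresses are the ones in the UBSAN report; deriving the region bases by rounding down to a 512 GiB L4 slot, and the names `SLOT_BASE`, `xlat_calc`, `mirror_by_add` and `mirror_by_sub`, are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Addresses copied from the UBSAN report above. */
#define REPORT_FROM 0xffff820080000000ULL /* per-domain linear address */
#define REPORT_TO   0x0000020080000000ULL /* mirrored address, 4th slot */
/* Assumption: region bases found by rounding down to a 512 GiB L4 slot. */
#define SLOT_BASE(a) ((a) & ~((1ULL << 39) - 1))

struct xlat_calc {
    uint64_t result;  /* address the calculation produced */
    bool wrapped;     /* true if it left the 64-bit range on the way */
};

/* Overflowing shape: add (low - high). As an unsigned value that difference
 * is a large positive offset, so base + offset carries out of bit 63. */
struct xlat_calc mirror_by_add(uint64_t base, uint64_t high, uint64_t low)
{
    struct xlat_calc c;
    uint64_t offset = low - high;   /* well-defined modulo 2^64 */
    c.wrapped = __builtin_add_overflow(base, offset, &c.result);
    return c;
}

/* Non-overflowing shape: subtract the in-range distance (high - low). */
struct xlat_calc mirror_by_sub(uint64_t base, uint64_t high, uint64_t low)
{
    struct xlat_calc c;
    uint64_t distance = high - low;
    c.wrapped = __builtin_sub_overflow(base, distance, &c.result);
    return c;
}

int main(void)
{
    uint64_t high = SLOT_BASE(REPORT_FROM), low = SLOT_BASE(REPORT_TO);
    struct xlat_calc a = mirror_by_add(REPORT_FROM, high, low);
    struct xlat_calc s = mirror_by_sub(REPORT_FROM, high, low);

    printf("add: %016llx wrapped=%d\n", (unsigned long long)a.result, a.wrapped);
    printf("sub: %016llx wrapped=%d\n", (unsigned long long)s.result, s.wrapped);
    return 0;
}
```

Both shapes land on the same address; only the addition passes through a carry out of the top bit, which is the wrap-around the pointer-overflow check reports.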