From 3459050e0443fa1179b39a1d85668e8c8933f27e Mon Sep 17 00:00:00 2001 From: Jan Beulich Date: Tue, 7 Jul 2015 10:29:35 +0200 Subject: [PATCH] gnttab: don't silently truncate frame numbers in gnttab_set_version() On a v2 -> v1 transition frame numbers previously stored in a 64-bit field have to fit into a 32-bit one. Signed-off-by: Jan Beulich Reviewed-by: Andrew Cooper Acked-by: Ian Campbell --- xen/common/grant_table.c | 32 +++++++++++++++++++++++++------- 1 file changed, 25 insertions(+), 7 deletions(-) diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index 999817dad3..d59079e4eb 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -2597,14 +2597,32 @@ gnttab_set_version(XEN_GUEST_HANDLE_PARAM(gnttab_set_version_t) uop) } } - /* XXX: If we're going to version 2, we could maybe shrink the - active grant table here. */ - - if ( op.version == 2 && gt->gt_version < 2 ) + switch ( gt->gt_version ) { - res = gnttab_populate_status_frames(d, gt, nr_grant_frames(gt)); - if ( res < 0) - goto out_unlock; + case 0: + if ( op.version == 2 ) + { + case 1: + /* XXX: We could maybe shrink the active grant table here. */ + res = gnttab_populate_status_frames(d, gt, nr_grant_frames(gt)); + if ( res < 0) + goto out_unlock; + } + break; + case 2: + for ( i = 0; i < GNTTAB_NR_RESERVED_ENTRIES; i++ ) + { + if ( ((shared_entry_v2(gt, i).hdr.flags & GTF_type_mask) == + GTF_permit_access) && + (shared_entry_v2(gt, i).full_page.frame >> 32) ) + { + gdprintk(XENLOG_WARNING, + "tried to change grant table version to 1 with non-representable entries\n"); + res = -ERANGE; + goto out_unlock; + } + } + break; } /* Preserve the first 8 entries (toolstack reserved grants) */ -- 2.39.5