From 55021ff9ab691f8c79c1f881aa8ac40ae1cd4ab9 Mon Sep 17 00:00:00 2001
From: Julien Grall <julien.grall@linaro.org>
Date: Wed, 23 Oct 2013 17:28:47 +0100
Subject: [PATCH] xen/arm: add_to_physmap_one: Avoid to map mfn 0 if an error
 occurs

By default, the function add_to_physmap_one set mfn to 0. Some code paths that
result to an error, continue and the map the mfn 0 (valid on ARM) to the
slot given by the guest.

To fix the problem, return directly an error if sanity check has failed.

Signed-off-by: Julien Grall <julien.grall@linaro.org>
Acked-by: Tim Deegan <tim@xen.org>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
---
 xen/arch/arm/mm.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c
index 474dfef9db..eaeb0c389b 100644
--- a/xen/arch/arm/mm.c
+++ b/xen/arch/arm/mm.c
@@ -981,6 +981,8 @@ static int xenmem_add_to_physmap_one(
             idx &= ~XENMAPIDX_grant_table_status;
             if ( idx < nr_status_frames(d->grant_table) )
                 mfn = virt_to_mfn(d->grant_table->status[idx]);
+            else
+                return -EINVAL;
         }
         else
         {
@@ -990,6 +992,8 @@ static int xenmem_add_to_physmap_one(
 
             if ( idx < nr_grant_frames(d->grant_table) )
                 mfn = virt_to_mfn(d->grant_table->shared_raw[idx]);
+            else
+                return -EINVAL;
         }
         
         d->arch.grant_table_gpfn[idx] = gpfn;
@@ -999,6 +1003,8 @@ static int xenmem_add_to_physmap_one(
     case XENMAPSPACE_shared_info:
         if ( idx == 0 )
             mfn = virt_to_mfn(d->shared_info);
+        else
+            return -EINVAL;
         break;
     case XENMAPSPACE_gmfn_foreign:
     {
-- 
2.39.5