| Message ID | 1382545727-6595-1-git-send-email-julien.grall@linaro.org |
|---|---|
| State | Accepted, archived |
| Headers | show |
At 17:28 +0100 on 23 Oct (1382545727), Julien Grall wrote: > By default, the function add_to_physmap_one set mfn to 0. Some code paths that > result to an error, continue and the map the mfn 0 (valid on ARM) to the > slot given by the guest. > > To fix the problem, return directly an error if sanity check has failed. > > Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Tim Deegan <tim@xen.org> > --- > xen/arch/arm/mm.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c > index 474dfef..eaeb0c3 100644 > --- a/xen/arch/arm/mm.c > +++ b/xen/arch/arm/mm.c > @@ -981,6 +981,8 @@ static int xenmem_add_to_physmap_one( > idx &= ~XENMAPIDX_grant_table_status; > if ( idx < nr_status_frames(d->grant_table) ) > mfn = virt_to_mfn(d->grant_table->status[idx]); > + else > + return -EINVAL; > } > else > { > @@ -990,6 +992,8 @@ static int xenmem_add_to_physmap_one( > > if ( idx < nr_grant_frames(d->grant_table) ) > mfn = virt_to_mfn(d->grant_table->shared_raw[idx]); > + else > + return -EINVAL; > } > > d->arch.grant_table_gpfn[idx] = gpfn; > @@ -999,6 +1003,8 @@ static int xenmem_add_to_physmap_one( > case XENMAPSPACE_shared_info: > if ( idx == 0 ) > mfn = virt_to_mfn(d->shared_info); > + else > + return -EINVAL; > break; > case XENMAPSPACE_gmfn_foreign: > { > -- > 1.8.3.1 >
On Wed, 23 Oct 2013, Julien Grall wrote: > By default, the function add_to_physmap_one set mfn to 0. Some code paths that > result to an error, continue and the map the mfn 0 (valid on ARM) to the > slot given by the guest. > > To fix the problem, return directly an error if sanity check has failed. > > Signed-off-by: Julien Grall <julien.grall@linaro.org> Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> > xen/arch/arm/mm.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c > index 474dfef..eaeb0c3 100644 > --- a/xen/arch/arm/mm.c > +++ b/xen/arch/arm/mm.c > @@ -981,6 +981,8 @@ static int xenmem_add_to_physmap_one( > idx &= ~XENMAPIDX_grant_table_status; > if ( idx < nr_status_frames(d->grant_table) ) > mfn = virt_to_mfn(d->grant_table->status[idx]); > + else > + return -EINVAL; > } > else > { > @@ -990,6 +992,8 @@ static int xenmem_add_to_physmap_one( > > if ( idx < nr_grant_frames(d->grant_table) ) > mfn = virt_to_mfn(d->grant_table->shared_raw[idx]); > + else > + return -EINVAL; > } > > d->arch.grant_table_gpfn[idx] = gpfn; > @@ -999,6 +1003,8 @@ static int xenmem_add_to_physmap_one( > case XENMAPSPACE_shared_info: > if ( idx == 0 ) > mfn = virt_to_mfn(d->shared_info); > + else > + return -EINVAL; > break; > case XENMAPSPACE_gmfn_foreign: > { > -- > 1.8.3.1 >
On Wed, 2013-10-23 at 17:28 +0100, Julien Grall wrote: > By default, the function add_to_physmap_one set mfn to 0. Some code paths that > result to an error, continue and the map the mfn 0 (valid on ARM) to the > slot given by the guest. > > To fix the problem, return directly an error if sanity check has failed. > > Signed-off-by: Julien Grall <julien.grall@linaro.org> applied,thanks.
diff --git a/xen/arch/arm/mm.c b/xen/arch/arm/mm.c index 474dfef..eaeb0c3 100644 --- a/xen/arch/arm/mm.c +++ b/xen/arch/arm/mm.c @@ -981,6 +981,8 @@ static int xenmem_add_to_physmap_one( idx &= ~XENMAPIDX_grant_table_status; if ( idx < nr_status_frames(d->grant_table) ) mfn = virt_to_mfn(d->grant_table->status[idx]); + else + return -EINVAL; } else { @@ -990,6 +992,8 @@ static int xenmem_add_to_physmap_one( if ( idx < nr_grant_frames(d->grant_table) ) mfn = virt_to_mfn(d->grant_table->shared_raw[idx]); + else + return -EINVAL; } d->arch.grant_table_gpfn[idx] = gpfn; @@ -999,6 +1003,8 @@ static int xenmem_add_to_physmap_one( case XENMAPSPACE_shared_info: if ( idx == 0 ) mfn = virt_to_mfn(d->shared_info); + else + return -EINVAL; break; case XENMAPSPACE_gmfn_foreign: {
By default, the function add_to_physmap_one set mfn to 0. Some code paths that result to an error, continue and the map the mfn 0 (valid on ARM) to the slot given by the guest. To fix the problem, return directly an error if sanity check has failed. Signed-off-by: Julien Grall <julien.grall@linaro.org> --- xen/arch/arm/mm.c | 6 ++++++ 1 file changed, 6 insertions(+)