From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E0691C433EF for ; Mon, 11 Oct 2021 13:54:57 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id C019A61139 for ; Mon, 11 Oct 2021 13:54:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237895AbhJKN44 (ORCPT ); Mon, 11 Oct 2021 09:56:56 -0400 Received: from mail.kernel.org ([198.145.29.99]:39696 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237893AbhJKNzE (ORCPT ); Mon, 11 Oct 2021 09:55:04 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id CADB461139; Mon, 11 Oct 2021 13:52:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1633960358; bh=k8Dfi/tsG487DiEhuAEZzV2hITLnU7ZWxivlI9YNBkg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=XBjN+VS3LQDgb28dsO+PPc+zrIYieYjzp+qrrVD+ujEfDGhtJ+96TaqLgzqjv5oeS Cr/+3JURQIfk8ebfke2znDQ4e+yEiIjaLUQHeD7LNlNQcEA8TP+NGT1KxDHX2FqeY0 LFQsD0Y8+RlEgxn7tUFVoBhUFhSmoZ6qxoSoGLr4= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jan Beulich , Boris Ostrovsky , Juergen Gross Subject: [PATCH 5.10 07/83] xen/privcmd: fix error handling in mmap-resource processing Date: Mon, 11 Oct 2021 15:45:27 +0200 Message-Id: <20211011134508.604625026@linuxfoundation.org> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20211011134508.362906295@linuxfoundation.org> References: <20211011134508.362906295@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Jan Beulich commit e11423d6721dd63b23fb41ade5e8d0b448b17780 upstream. xen_pfn_t is the same size as int only on 32-bit builds (and not even on Arm32). Hence pfns[] can't be used directly to read individual error values returned from xen_remap_domain_mfn_array(); every other error indicator would be skipped/ignored on 64-bit. Fixes: 3ad0876554ca ("xen/privcmd: add IOCTL_PRIVCMD_MMAP_RESOURCE") Cc: stable@vger.kernel.org Signed-off-by: Jan Beulich Reviewed-by: Boris Ostrovsky Signed-off-by: Greg Kroah-Hartman Link: https://lore.kernel.org/r/aa6d6a67-6889-338a-a910-51e889f792d5@suse.com Signed-off-by: Juergen Gross --- drivers/xen/privcmd.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) --- a/drivers/xen/privcmd.c +++ b/drivers/xen/privcmd.c @@ -803,11 +803,12 @@ static long privcmd_ioctl_mmap_resource( unsigned int domid = (xdata.flags & XENMEM_rsrc_acq_caller_owned) ? DOMID_SELF : kdata.dom; - int num; + int num, *errs = (int *)pfns; + BUILD_BUG_ON(sizeof(*errs) > sizeof(*pfns)); num = xen_remap_domain_mfn_array(vma, kdata.addr & PAGE_MASK, - pfns, kdata.num, (int *)pfns, + pfns, kdata.num, errs, vma->vm_page_prot, domid, vma->vm_private_data); @@ -817,7 +818,7 @@ static long privcmd_ioctl_mmap_resource( unsigned int i; for (i = 0; i < num; i++) { - rc = pfns[i]; + rc = errs[i]; if (rc < 0) break; }