From mboxrd@z Thu Jan  1 00:00:00 1970
From: Matthew Daley <mattjd@gmail.com>
Subject: [PATCH] xen: Fix xenctl_cpumap_to_cpumask buffer size
	check
Date: Tue, 13 Nov 2012 19:04:47 +1300
Message-ID: <1352786687-4498-1-git-send-email-mattjd@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: xen-devel@lists.xen.org
Cc: Matthew Daley <mattjd@gmail.com>
List-Id: xen-devel@lists.xenproject.org

xenctl_cpumap_to_cpumask incorrectly uses sizeof when checking whether
bits should be masked off from the input cpumap bitmap or not.

Fix by using the correct cpumask buffer size in place of sizeof.

Signed-off-by: Matthew Daley <mattjd@gmail.com>

diff --git a/xen/common/domctl.c b/xen/common/domctl.c
index e153cb4..204e951 100644
--- a/xen/common/domctl.c
+++ b/xen/common/domctl.c
@@ -78,7 +78,7 @@ int xenctl_cpumap_to_cpumask(
     {
         if ( copy_from_guest(bytemap, xenctl_cpumap->bitmap, copy_bytes) )
             err = -EFAULT;
-        if ( (xenctl_cpumap->nr_cpus & 7) && (guest_bytes <= sizeof(bytemap)) )
+        if ( (xenctl_cpumap->nr_cpus & 7) && (guest_bytes <= (nr_cpu_ids + 7) / 8) )
             bytemap[guest_bytes-1] &= ~(0xff << (xenctl_cpumap->nr_cpus & 7));
     }
 
-- 
1.7.10.4