From mboxrd@z Thu Jan  1 00:00:00 1970
From: Andrew Cooper <andrew.cooper3@citrix.com>
Subject: [PATCH v2 for-4.8] x86/hvm: Don't truncate the hvm
	hypercall index before range checking it
Date: Thu, 27 Oct 2016 16:05:44 +0100
Message-ID: <1477580744-11951-1-git-send-email-andrew.cooper3@citrix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Return-path: <xen-devel-bounces@lists.xen.org>
List-Unsubscribe: <https://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <https://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
 <mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Errors-To: xen-devel-bounces@lists.xen.org
Sender: "Xen-devel" <xen-devel-bounces@lists.xen.org>
To: Xen-devel <xen-devel@lists.xen.org>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>, Wei Liu <wei.liu2@citrix.com>
List-Id: xen-devel@lists.xenproject.org

Yy9zIDVlZWNhNjhmIGludHJvZHVjZWQgdGhlIDY0Yml0IEFCSSBmb3IgSFZNIGd1ZXN0cywgYW5k
IGNob3NlIHRvIGV4cGxpY2l0bHkKdHJ1bmNhdGUgdGhlIGluZGV4LCBkZXNwaXRlIHRoZSBmYWN0
IHRoYXQgdGhlIGBtb3YgJGltbTMyLCAlZWF4YCBpbiB0aGUKaHlwZXJjYWxsIHBhZ2UgYWxyZWFk
eSBwcm92aWRlcyB0aGUgZXhwZWN0ZWQgdHJ1bmNhdGlvbi4KClRoZSB0cnVuY2F0aW9uIGlzbid0
IHZlcnkgb2J2aW91cywgYW5kIGlzIGNvdW50ZXJpbnR1aXRpdmUsIHNlZWluZyBhcyBhbGwKb3Ro
ZXIgNjRiaXQgcGFyYW1ldGVycyBhcmUgcGFzc2VkIHdpdGhvdXQgdHJ1bmNhdGlvbi4gIEl0IGlz
IGFsc28gZGlmZmVyZW50IHRvCnRoZSBQViBBQkksIHdoaWNoIGlzIG90aGVyd2lzZSBpZGVudGlj
YWwuCgpBcyB0aGUgaHlwZXJjYWxsIHBhZ2UgaGFzIGFsd2F5cyBiZWVuIHByZXNlbnQgZm9yIEhW
TSBndWVzdHMgKGFuZCBpbmRlZWQsIGlzCmJhc2ljYWxseSBtYW5kYXRvcnkgdG8gYWJzdHJhY3Qg
YXdheSB2ZW5kb3IgZGlmZmVyZW5jZXMpLCBpdCBpcyBleGNlZWRpbmdseQp1bmxpa2VseSB0aGF0
IGFueSBjb2RlIGV4aXN0cyB3aGljaCBlbnRlcnMgaHZtX2RvX2h5cGVyY2FsbCgpIHdpdGggdXBw
ZXIgYml0cwpzZXQgaW4gJXJheC4KClRoZXJlZm9yZSwgdGFrZSB0aGUgb3Bwb3J0dW5pdHkgdG8g
Zml4IHRoZSBBQkkgYmVmb3JlIGl0IGJlY29tZXMgaW1wb3NzaWJsZSB0bwpmaXguCgpXaGlsZSB0
d2Vha2luZyB0aGlzIGFyZWEsIGZpeCBvbmUgcGllY2Ugb2YgdHJhaWxpbmcgd2hpdGVzcGFjZS4K
ClNpZ25lZC1vZmYtYnk6IEFuZHJldyBDb29wZXIgPGFuZHJldy5jb29wZXIzQGNpdHJpeC5jb20+
ClJldmlld2VkLWJ5OiBKYW4gQmV1bGljaCA8amJldWxpY2hAc3VzZS5jb20+Ci0tLQpDQzogV2Vp
IExpdSA8d2VpLmxpdTJAY2l0cml4LmNvbT4KCnYyOgogKiBSZXdvcmsgdG8gYXZvaWQgZXh0cmEg
Y29uZGl0aW9uYWxzCiAqIFJld29yZCB0aGUgY29tbWl0IG1lc3NhZ2UKLS0tCiB4ZW4vYXJjaC94
ODYvaHZtL2h2bS5jIHwgMTIgKysrKysrKy0tLS0tCiAxIGZpbGUgY2hhbmdlZCwgNyBpbnNlcnRp
b25zKCspLCA1IGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBhL3hlbi9hcmNoL3g4Ni9odm0vaHZt
LmMgYi94ZW4vYXJjaC94ODYvaHZtL2h2bS5jCmluZGV4IDExZTJiODIuLjcwNGZkNjQgMTAwNjQ0
Ci0tLSBhL3hlbi9hcmNoL3g4Ni9odm0vaHZtLmMKKysrIGIveGVuL2FyY2gveDg2L2h2bS9odm0u
YwpAQCAtNDI3OSwxMSArNDI3OSwxMyBAQCBpbnQgaHZtX2RvX2h5cGVyY2FsbChzdHJ1Y3QgY3B1
X3VzZXJfcmVncyAqcmVncykKICAgICBzdHJ1Y3QgZG9tYWluICpjdXJyZCA9IGN1cnItPmRvbWFp
bjsKICAgICBzdHJ1Y3Qgc2VnbWVudF9yZWdpc3RlciBzcmVnOwogICAgIGludCBtb2RlID0gaHZt
X2d1ZXN0X3g4Nl9tb2RlKGN1cnIpOwotICAgIHVpbnQzMl90IGVheCA9IHJlZ3MtPmVheDsKKyAg
ICB1bnNpZ25lZCBsb25nIGVheCA9IHJlZ3MtPl9lYXg7CiAKICAgICBzd2l0Y2ggKCBtb2RlICkK
ICAgICB7Ci0gICAgY2FzZSA4OiAgICAgICAgCisgICAgY2FzZSA4OgorICAgICAgICBlYXggPSBy
ZWdzLT5yYXg7CisgICAgICAgIC8qIEZhbGx0aHJvdWdoIHRvIHBlcm1pc3Npb24gY2hlY2suICov
CiAgICAgY2FzZSA0OgogICAgIGNhc2UgMjoKICAgICAgICAgaHZtX2dldF9zZWdtZW50X3JlZ2lz
dGVyKGN1cnIsIHg4Nl9zZWdfc3MsICZzcmVnKTsKQEAgLTQzMjEsNyArNDMyMyw3IEBAIGludCBo
dm1fZG9faHlwZXJjYWxsKHN0cnVjdCBjcHVfdXNlcl9yZWdzICpyZWdzKQogICAgICAgICB1bnNp
Z25lZCBsb25nIHI4ID0gcmVncy0+cjg7CiAgICAgICAgIHVuc2lnbmVkIGxvbmcgcjkgPSByZWdz
LT5yOTsKIAotICAgICAgICBIVk1fREJHX0xPRyhEQkdfTEVWRUxfSENBTEwsICJoY2FsbCV1KCVs
eCwgJWx4LCAlbHgsICVseCwgJWx4LCAlbHgpIiwKKyAgICAgICAgSFZNX0RCR19MT0coREJHX0xF
VkVMX0hDQUxMLCAiaGNhbGwlbHUoJWx4LCAlbHgsICVseCwgJWx4LCAlbHgsICVseCkiLAogICAg
ICAgICAgICAgICAgICAgICBlYXgsIHJkaSwgcnNpLCByZHgsIHIxMCwgcjgsIHI5KTsKIAogI2lm
bmRlZiBOREVCVUcKQEAgLTQzNjgsNyArNDM3MCw3IEBAIGludCBodm1fZG9faHlwZXJjYWxsKHN0
cnVjdCBjcHVfdXNlcl9yZWdzICpyZWdzKQogICAgICAgICB1bnNpZ25lZCBpbnQgZWRpID0gcmVn
cy0+X2VkaTsKICAgICAgICAgdW5zaWduZWQgaW50IGVicCA9IHJlZ3MtPl9lYnA7CiAKLSAgICAg
ICAgSFZNX0RCR19MT0coREJHX0xFVkVMX0hDQUxMLCAiaGNhbGwldSgleCwgJXgsICV4LCAleCwg
JXgsICV4KSIsIGVheCwKKyAgICAgICAgSFZNX0RCR19MT0coREJHX0xFVkVMX0hDQUxMLCAiaGNh
bGwlbHUoJXgsICV4LCAleCwgJXgsICV4LCAleCkiLCBlYXgsCiAgICAgICAgICAgICAgICAgICAg
IGVieCwgZWN4LCBlZHgsIGVzaSwgZWRpLCBlYnApOwogCiAjaWZuZGVmIE5ERUJVRwpAQCAtNDQw
NCw3ICs0NDA2LDcgQEAgaW50IGh2bV9kb19oeXBlcmNhbGwoc3RydWN0IGNwdV91c2VyX3JlZ3Mg
KnJlZ3MpCiAjZW5kaWYKICAgICB9CiAKLSAgICBIVk1fREJHX0xPRyhEQkdfTEVWRUxfSENBTEws
ICJoY2FsbCV1IC0+ICVseCIsCisgICAgSFZNX0RCR19MT0coREJHX0xFVkVMX0hDQUxMLCAiaGNh
bGwlbHUgLT4gJWx4IiwKICAgICAgICAgICAgICAgICBlYXgsICh1bnNpZ25lZCBsb25nKXJlZ3Mt
PmVheCk7CiAKICAgICBpZiAoIGN1cnItPmFyY2guaHZtX3ZjcHUuaGNhbGxfcHJlZW1wdGVkICkK
LS0gCjIuMS40CgoKX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X18KWGVuLWRldmVsIG1haWxpbmcgbGlzdApYZW4tZGV2ZWxAbGlzdHMueGVuLm9yZwpodHRwczov
L2xpc3RzLnhlbi5vcmcveGVuLWRldmVsCg==