[PATCH] x86: properly check XEN_DOMCTL_ioport_mapping arguments for invalid range

xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] x86: properly check XEN_DOMCTL_ioport_mapping arguments for invalid range
@ 2012-09-18 15:24 Jan Beulich
  2012-09-18 15:39 ` Keir Fraser
  0 siblings, 1 reply; 2+ messages in thread
From: Jan Beulich @ 2012-09-18 15:24 UTC (permalink / raw)
  To: xen-devel

In particular, the case of "np" being a very large value wasn't handled
correctly. The range start checks also were off by one (except that in
practice, when "np" is properly range checked, this would still have
been caught by the range end checks).

Also, is a GFN wrap in XEN_DOMCTL_memory_mapping really okay?

Signed-off-by: Jan Beulich <jbeulich@suse.com>

--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -884,7 +884,7 @@ long arch_do_domctl(
         int found = 0;
 
         ret = -EINVAL;
-        if ( (np == 0) || (fgp > MAX_IOPORTS) || (fmp > MAX_IOPORTS) ||
+        if ( ((fgp | fmp | (np - 1)) >= MAX_IOPORTS) ||
             ((fgp + np) > MAX_IOPORTS) || ((fmp + np) > MAX_IOPORTS) )
         {
             printk(XENLOG_G_ERR

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH] x86: properly check XEN_DOMCTL_ioport_mapping arguments for invalid range
  2012-09-18 15:24 [PATCH] x86: properly check XEN_DOMCTL_ioport_mapping arguments for invalid range Jan Beulich
@ 2012-09-18 15:39 ` Keir Fraser
  0 siblings, 0 replies; 2+ messages in thread
From: Keir Fraser @ 2012-09-18 15:39 UTC (permalink / raw)
  To: Jan Beulich, xen-devel

On 18/09/2012 16:24, "Jan Beulich" <JBeulich@suse.com> wrote:

> In particular, the case of "np" being a very large value wasn't handled
> correctly. The range start checks also were off by one (except that in
> practice, when "np" is properly range checked, this would still have
> been caught by the range end checks).
> 
> Also, is a GFN wrap in XEN_DOMCTL_memory_mapping really okay?

Probably worth fixing?

> Signed-off-by: Jan Beulich <jbeulich@suse.com>

Acked-by: Keir Fraser <keir@xen.org>

> --- a/xen/arch/x86/domctl.c
> +++ b/xen/arch/x86/domctl.c
> @@ -884,7 +884,7 @@ long arch_do_domctl(
>          int found = 0;
>  
>          ret = -EINVAL;
> -        if ( (np == 0) || (fgp > MAX_IOPORTS) || (fmp > MAX_IOPORTS) ||
> +        if ( ((fgp | fmp | (np - 1)) >= MAX_IOPORTS) ||
>              ((fgp + np) > MAX_IOPORTS) || ((fmp + np) > MAX_IOPORTS) )
>          {
>              printk(XENLOG_G_ERR
> 
> 
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> http://lists.xen.org/xen-devel

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2012-09-18 15:39 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-09-18 15:24 [PATCH] x86: properly check XEN_DOMCTL_ioport_mapping arguments for invalid range Jan Beulich
2012-09-18 15:39 ` Keir Fraser

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).