Add bounds check to get_mfn_from_gpfn().

author kaf24@firebug.cl.cam.ac.uk <kaf24@firebug.cl.cam.ac.uk>

Thu, 27 Apr 2006 13:13:42 +0000 (14:13 +0100)

committer kaf24@firebug.cl.cam.ac.uk <kaf24@firebug.cl.cam.ac.uk>

Thu, 27 Apr 2006 13:13:42 +0000 (14:13 +0100)
author kaf24@firebug.cl.cam.ac.uk <kaf24@firebug.cl.cam.ac.uk>
Thu, 27 Apr 2006 13:13:42 +0000 (14:13 +0100)
committer kaf24@firebug.cl.cam.ac.uk <kaf24@firebug.cl.cam.ac.uk>
Thu, 27 Apr 2006 13:13:42 +0000 (14:13 +0100)
diff --git a/xen/include/asm-x86/mm.h b/xen/include/asm-x86/mm.h

index 3bb8cc93e078ea82ad66031c54bc00b2a3c8bf71..383dea288ae10237acb9bff96026c96c1aa50123 100644 (file)
--- a/xen/include/asm-x86/mm.h
+++ b/xen/include/asm-x86/mm.h
@@ -274,6 +274,8 @@ int check_descriptor(struct desc_struct *d);
   * been used by the read-only MPT map.
   */
  #define phys_to_machine_mapping ((unsigned long *)RO_MPT_VIRT_START)
+#define NR_P2M_TABLE_ENTRIES    ((unsigned long *)RO_MPT_VIRT_END \
+                                 - phys_to_machine_mapping)
  #define INVALID_MFN             (~0UL)
  #define VALID_MFN(_mfn)         (!((_mfn) & (1U<<31)))
  
@@ -282,7 +284,9 @@ static inline unsigned long get_mfn_from_gpfn(unsigned long pfn)
  {
      unsigned long mfn;
  
-    if ( __copy_from_user(&mfn, &phys_to_machine_mapping[pfn], sizeof(mfn)) )
+    if ( unlikely(pfn >= NR_P2M_TABLE_ENTRIES) ||
+         unlikely(__copy_from_user(&mfn, &phys_to_machine_mapping[pfn],
+                                   sizeof(mfn))) )
         mfn = INVALID_MFN;
  
      return mfn;
author	kaf24@firebug.cl.cam.ac.uk <kaf24@firebug.cl.cam.ac.uk>
	Thu, 27 Apr 2006 13:13:42 +0000 (14:13 +0100)
committer	kaf24@firebug.cl.cam.ac.uk <kaf24@firebug.cl.cam.ac.uk>
	Thu, 27 Apr 2006 13:13:42 +0000 (14:13 +0100)