c/s 5b5c40c0d1 "libxc: introduce a per architecture scratch pfn for temporary
grant mapping" accidentally introduced an issue whereby there were two paths out of
xc_core_arch_get_scratch_gpfn() which returned 0, but only one of which
assigned a value to the gpfn parameter.

xc_domain_maximum_gpfn() can validly return 0, at which point gpfn 1 is a
valid scratch page to use.

In addition, widen rc before adding 1 and possibly overflowing.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
CC: Julien Grall <julien.grall@linaro.org>
CC: Jan Beulich <JBeulich@suse.com>
CC: Ian Campbell <Ian.Campbell@citrix.com>
CC: Ian Jackson <Ian.Jackson@eu.citrix.com>
CC: Wei Liu <wei.liu2@citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
rc = xc_domain_maximum_gpfn(xch, domid);
- if ( rc <= 0 )
+ if ( rc < 0 )
return rc;
- *gpfn = rc + 1;
+ *gpfn = (xen_pfn_t)rc + 1;
return 0;
}
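
Review bot: The relaxed check `if ( rc < 0 )` has no comment saying that 0 is a valid return from xc_domain_maximum_gpfn(), so a later cleanup could restore `<=` and bring back the path that returns 0 without writing *gpfn. A one-line comment above the check would document the intent. Separately, the cast in `*gpfn = (xen_pfn_t)rc + 1;` only protects the addition. The declaration of rc is not visible in this hunk, so it is worth confirming that rc is wide enough to hold the largest gpfn the call can return. If it is narrower, the value is already truncated at the assignment on the first line and the cast cannot recover it.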