From: Andrew Cooper <andrew.cooper3@citrix.com>
Date: Mon, 5 Dec 2011 19:42:46 +0000 (+0000)
Subject: KEXEC: fix kexec_get_range_compat to fail vocally.
X-Git-Url: https://dgit.raspbian.org/%22http:/www.example.com/cgi/%22https:/%22bookmarks:///%22http:/www.example.com/cgi/%22https:/%22bookmarks:/?a=commitdiff_plain;h=2043419cfc831be0153580990ae5f812984e8ec5;p=xen.git

KEXEC: fix kexec_get_range_compat to fail vocally.

Fail with -ERANGE rather than silently truncating 64bit values (a
physical address and size) into 32bit integers for dom0 to consume.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Simplify the bitwise arithmetic a bit.

Signed-off-by: Keir Fraser <keir@xen.org>
---

diff --git a/xen/common/kexec.c b/xen/common/kexec.c
index 1a3b52382d..e520348736 100644
--- a/xen/common/kexec.c
+++ b/xen/common/kexec.c
@@ -395,6 +395,10 @@ static int kexec_get_range_compat(XEN_GUEST_HANDLE(void) uarg)
 
     ret = kexec_get_range_internal(&range);
 
+    /* Dont silently truncate physical addresses or sizes. */
+    if ( (range.start | range.size) & ~(unsigned long)(~0u) )
+        return -ERANGE;
+
     if ( ret == 0 ) {
         XLAT_kexec_range(&compat_range, &range);
         if ( unlikely(copy_to_guest(uarg, &compat_range, 1)) )