[XEN] Check that the cr3 mfn is valid before using it.
authorChristian Limpach <Christian.Limpach@xensource.com>
Thu, 1 Mar 2007 17:27:31 +0000 (17:27 +0000)
committerChristian Limpach <Christian.Limpach@xensource.com>
Thu, 1 Mar 2007 17:27:31 +0000 (17:27 +0000)
Signed-off-by: Christian Limpach <Christian.Limpach@xensource.com>
xen/arch/x86/domain.c

index a1e09502702e0f1e00a1b0ad11c66215f90e3935..379adca5822ae3834867d1b0c02474b9ec7b2f37 100644 (file)
@@ -630,10 +630,11 @@ int arch_set_info_guest(
         {
             cr3_pfn = gmfn_to_mfn(d, xen_cr3_to_pfn(c.nat->ctrlreg[3]));
 
-            if ( paging_mode_refcounts(d)
-                 ? !get_page(mfn_to_page(cr3_pfn), d)
-                 : !get_page_and_type(mfn_to_page(cr3_pfn), d,
-                                      PGT_base_page_table) )
+            if ( !mfn_valid(cr3_pfn) ||
+                 (paging_mode_refcounts(d)
+                  ? !get_page(mfn_to_page(cr3_pfn), d)
+                  : !get_page_and_type(mfn_to_page(cr3_pfn), d,
+                                       PGT_base_page_table)) )
             {
                 destroy_gdt(v);
                 return -EINVAL;
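Review bot: The new `!mfn_valid(cr3_pfn) ||` guard has no comment saying why it must come first, and the same four-line condition is now duplicated in this hunk and in the compat hunk below, differing only in `PGT_base_page_table` versus `PGT_l3_page_table`. The ordering is what carries the safety: `ctrlreg[3]` comes from the vcpu context handed to `arch_set_info_guest`, and the short-circuit is what keeps `mfn_to_page()` from being evaluated on a frame number that is presumably outside the frame table. I would record that above each test, e.g. `/* ctrlreg[3] is caller-supplied: mfn_valid() must be checked before mfn_to_page(). */`, so a later refactor does not reorder the operands. Folding both sites into one small static helper that takes the page-table type would keep the native and compat paths from drifting apart. The function body extends beyond both hunks, so any other `mfn_to_page()` call on a context-derived frame elsewhere in it is worth checking for the same guard.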
@@ -648,10 +649,11 @@ int arch_set_info_guest(
 
             cr3_pfn = gmfn_to_mfn(d, compat_cr3_to_pfn(c.cmp->ctrlreg[3]));
 
-            if ( paging_mode_refcounts(d)
-                 ? !get_page(mfn_to_page(cr3_pfn), d)
-                 : !get_page_and_type(mfn_to_page(cr3_pfn), d,
-                                    PGT_l3_page_table) )
+            if ( !mfn_valid(cr3_pfn) ||
+                 (paging_mode_refcounts(d)
+                  ? !get_page(mfn_to_page(cr3_pfn), d)
+                  : !get_page_and_type(mfn_to_page(cr3_pfn), d,
+                                       PGT_l3_page_table)) )
             {
                 destroy_gdt(v);
                 return -EINVAL;