From 5100a5ede1a200a2831f0b357fb474b853f8c83f Mon Sep 17 00:00:00 2001
From: Keir Fraser <keir@xen.org>
Date: Fri, 29 Oct 2010 18:05:50 +0100
Subject: [PATCH] Xen: fix various checks of unsigned integers < 0

Some of these could be benignly discarded by the compiler but some are
actual bugs.

Signed-off-by: Tim Deegan <Tim.Deegan@citrix.com>
---
 xen/arch/x86/mm.c                      | 4 ++--
 xen/arch/x86/physdev.c                 | 2 +-
 xen/arch/x86/platform_hypercall.c      | 1 -
 xen/arch/x86/x86_emulate/x86_emulate.c | 2 +-
 xen/drivers/cpufreq/cpufreq.c          | 3 +--
 5 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index 96344db47e..3cda1afffd 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -4533,7 +4533,7 @@ static int handle_iomem_range(unsigned long s, unsigned long e, void *p)
         ent.size = (uint64_t)(s - ctxt->s) << PAGE_SHIFT;
         ent.type = E820_RESERVED;
         buffer = guest_handle_cast(ctxt->map.buffer, e820entry_t);
-        if ( __copy_to_guest_offset(buffer, ctxt->n, &ent, 1) < 0 )
+        if ( __copy_to_guest_offset(buffer, ctxt->n, &ent, 1) )
             return -EFAULT;
         ctxt->n++;
     }
@@ -4750,7 +4750,7 @@ long arch_memory_op(int op, XEN_GUEST_HANDLE(void) arg)
             }
             if ( ctxt.map.nr_entries <= ctxt.n + (e820.nr_map - i) )
                 return -EINVAL;
-            if ( __copy_to_guest_offset(buffer, ctxt.n, e820.map + i, 1) < 0 )
+            if ( __copy_to_guest_offset(buffer, ctxt.n, e820.map + i, 1) )
                 return -EFAULT;
             ctxt.s = PFN_UP(e820.map[i].addr + e820.map[i].size);
         }
diff --git a/xen/arch/x86/physdev.c b/xen/arch/x86/physdev.c
index baaff24ba2..6a12f0013e 100644
--- a/xen/arch/x86/physdev.c
+++ b/xen/arch/x86/physdev.c
@@ -202,7 +202,7 @@ ret_t do_physdev_op(int cmd, XEN_GUEST_HANDLE(void) arg)
         if ( copy_from_guest(&eoi, arg, 1) != 0 )
             break;
         ret = -EINVAL;
-        if ( eoi.irq < 0 || eoi.irq >= v->domain->nr_pirqs )
+        if ( eoi.irq >= v->domain->nr_pirqs )
             break;
         if ( v->domain->arch.pirq_eoi_map )
             evtchn_unmask(v->domain->pirq_to_evtchn[eoi.irq]);
diff --git a/xen/arch/x86/platform_hypercall.c b/xen/arch/x86/platform_hypercall.c
index 5be2970d36..4dd6a6f959 100644
--- a/xen/arch/x86/platform_hypercall.c
+++ b/xen/arch/x86/platform_hypercall.c
@@ -418,7 +418,6 @@ ret_t do_platform_op(XEN_GUEST_HANDLE(xen_platform_op_t) u_xenpf_op)
         }
 
         if ( (g_info->xen_cpuid >= NR_CPUS) ||
-             (g_info->xen_cpuid < 0) ||
              !cpu_present(g_info->xen_cpuid) )
         {
             g_info->flags |= XEN_PCPU_FLAGS_INVALID;
diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c
index 51e199adbc..7ad0dd5d2f 100644
--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -2102,7 +2102,7 @@ x86_emulate(
             _regs.edx = (uint32_t)(((int32_t)_regs.eax < 0) ? -1 : 0);
             break;
         case 8:
-            _regs.edx = (_regs.eax < 0) ? -1 : 0;
+            _regs.edx = ((int64_t)_regs.eax < 0) ? -1 : 0;
             break;
         }
         break;
diff --git a/xen/drivers/cpufreq/cpufreq.c b/xen/drivers/cpufreq/cpufreq.c
index 9b2954fc09..4ecb7dedb3 100644
--- a/xen/drivers/cpufreq/cpufreq.c
+++ b/xen/drivers/cpufreq/cpufreq.c
@@ -116,8 +116,7 @@ int cpufreq_limit_change(unsigned int cpu)
         !processor_pminfo[cpu])
         return -ENODEV;
 
-    if ((perf->platform_limit < 0) || 
-        (perf->platform_limit >= perf->state_count))
+    if (perf->platform_limit >= perf->state_count)
         return -EINVAL;
 
     memcpy(&policy, data, sizeof(struct cpufreq_policy)); 
-- 
2.30.2