From 631f828097724d3fa19c7641db3eee9931a901e8 Mon Sep 17 00:00:00 2001
From: Christian Limpach
Date: Thu, 1 Mar 2007 17:27:31 +0000
Subject: [PATCH] [XEN] Check that the cr3 mfn is valid before using it.
Signed-off-by: Christian Limpach
---
 xen/arch/x86/domain.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
index a1e0950270..379adca582 100644
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -630,10 +630,11 @@ int arch_set_info_guest(
 {
 cr3_pfn = gmfn_to_mfn(d, xen_cr3_to_pfn(c.nat->ctrlreg[3]));
- if ( paging_mode_refcounts(d)
- ? !get_page(mfn_to_page(cr3_pfn), d)
- : !get_page_and_type(mfn_to_page(cr3_pfn), d,
- PGT_base_page_table) )
+ if ( !mfn_valid(cr3_pfn) ||
+ (paging_mode_refcounts(d)
+ ? !get_page(mfn_to_page(cr3_pfn), d)
+ : !get_page_and_type(mfn_to_page(cr3_pfn), d,
+ PGT_base_page_table)) )
 {
 destroy_gdt(v);
 return -EINVAL;
@@ -648,10 +649,11 @@ int arch_set_info_guest(
 cr3_pfn = gmfn_to_mfn(d, compat_cr3_to_pfn(c.cmp->ctrlreg[3]));
- if ( paging_mode_refcounts(d)
- ? !get_page(mfn_to_page(cr3_pfn), d)
- : !get_page_and_type(mfn_to_page(cr3_pfn), d,
- PGT_l3_page_table) )
+ if ( !mfn_valid(cr3_pfn) ||
+ (paging_mode_refcounts(d)
+ ? !get_page(mfn_to_page(cr3_pfn), d)
+ : !get_page_and_type(mfn_to_page(cr3_pfn), d,
+ PGT_l3_page_table)) )
 {
 destroy_gdt(v);
 return -EINVAL;
--
2.30.2
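Review bot: The new `!mfn_valid(cr3_pfn) ||` term at the head of the condition carries no comment explaining why it must come first. `cr3_pfn` is derived from the caller-supplied `ctrlreg[3]` via `gmfn_to_mfn()`, and `mfn_to_page(cr3_pfn)` is evaluated as an argument to `get_page()`/`get_page_and_type()`, so the short-circuit order is what keeps an unbacked frame number from being converted to a page pointer. I would add `/* cr3 comes from the supplied vcpu context: reject an invalid mfn before mfn_to_page() is applied to it. */` above the `if`. The same five-line condition is repeated in the second hunk (the compat path) with only the `PGT_*` argument differing, so a small static helper taking the mfn and the page-table type would stop the two copies from drifting apart. The body of arch_set_info_guest starts and ends outside both hunks, so it cannot be seen from here whether other frame numbers taken from the context reach `mfn_to_page()` without the same guard.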