From e7e0c88d8c7f316d65f7fd099f5d47076b4bce34 Mon Sep 17 00:00:00 2001
From: "ssmith@weybridge.uk.xensource.com"
Date: Wed, 6 Sep 2006 13:16:02 +0100
Subject: [PATCH] [XEN] gnttab: Initialise maptrack->flags

__gnttab_unmap_grant_ref verifies the validity of the handle by checking it against maptrack_limit and making sure that the flags field at the given handle is non-zero. This means that the flags of an unused handle should be zero in order to prevent unused handles from getting past this check. However, we don't seem to set it to zero to begin with when we allocate the maptrack table. This could potentially lead to the corruption of the other domain's internal state, and/or the hypervisor's internal state. This patch makes sure that it is zeroed.

Signed-off-by: Herbert Xu
---
 xen/common/grant_table.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c
index be393d0dcb..e2eac58487 100644
--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -156,7 +156,10 @@ __gnttab_map_grant_ref(
 memcpy(new_mt, lgt->maptrack, PAGE_SIZE << lgt->maptrack_order);
 for ( i = lgt->maptrack_limit; i < (lgt->maptrack_limit << 1); i++ )
+ {
 new_mt[i].ref = i+1;
+ new_mt[i].flags = 0;
+ }
 free_xenheap_pages(lgt->maptrack, lgt->maptrack_order);
 lgt->maptrack = new_mt;
-- 
2.30.2
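Review bot: Clearing only `new_mt[i].flags` in the grow loop still leaves every other field of the freshly allocated upper half of the table (e.g. a domid or any field added to struct grant_mapping later) holding whatever the allocator returned, since the allocation of `new_mt` happens above this hunk and, as the description itself says, is presumably not zeroed. A whole-struct clear of the new half before the `ref` chaining loop is both more robust and self-documenting: replace `new_mt[i].flags = 0;` with a single `memset(&new_mt[lgt->maptrack_limit], 0, PAGE_SIZE << lgt->maptrack_order);` placed right after the `memcpy`, which covers exactly the new entries if `maptrack_limit` is the entry count of the old `PAGE_SIZE << maptrack_order` bytes (confirm against the allocation above the hunk). Either way the invariant deserves a comment at the loop, e.g. `/* flags == 0 marks a maptrack handle as free; __gnttab_unmap_grant_ref relies on it to reject unused handles. */`, and the same zeroing must hold on the initial-allocation path (not in this hunk), which should be checked rather than assumed. The enclosing function `__gnttab_map_grant_ref` starts and ends outside the hunk.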