libxc: introduce xc_dom_seg_to_ptr_pages

Provide a version of xc_dom_seg_to_ptr which returns the number of
guest pages it has actually mapped.  This is useful for callers who
want to do range checking; we will use this later in this series.

This is part of the fix to a security issue, XSA-55.

Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Reviewed-by: Chuck Anderson <chuck.anderson@oracle.com>
v7: xc_dom_seg_to_ptr_pages now always expects pages_out!=NULL.
   (It seems silly to have it tolerate NULL when all the real callers
    pass non-NULL and there's a version which doesn't need pages_out
    anyway.  Fix the call in xc_dom_seg_to_ptr to have a dummy pages
    for pages_out.)

v5: xc_dom_seg_to_ptr_pages sets *pages_out=0 if it returns NULL.

v4 was:

Acked-by: Ian Campbell <ian.campbell@citrix.com>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

diff --git a/tools/libxc/xc_dom.h b/tools/libxc/xc_dom.h
index ac36600ce78cbfda2e1285555d235921e2b9cd21..316c5cbefca4f791255bb43f5dcf4085d42d5869 100644 (file)
--- a/tools/libxc/xc_dom.h
+++ b/tools/libxc/xc_dom.h
@@ -294,14 +294,27 @@ void *xc_dom_pfn_to_ptr(struct xc_dom_image *dom, xen_pfn_t first,
 void xc_dom_unmap_one(struct xc_dom_image *dom, xen_pfn_t pfn);
 void xc_dom_unmap_all(struct xc_dom_image *dom);
 
-static inline void *xc_dom_seg_to_ptr(struct xc_dom_image *dom,
-                                      struct xc_dom_seg *seg)
+static inline void *xc_dom_seg_to_ptr_pages(struct xc_dom_image *dom,
+                                      struct xc_dom_seg *seg,
+                                      xen_pfn_t *pages_out)
 {
     xen_vaddr_t segsize = seg->vend - seg->vstart;
     unsigned int page_size = XC_DOM_PAGE_SIZE(dom);
     xen_pfn_t pages = (segsize + page_size - 1) / page_size;
+    void *retval;
+
+    retval = xc_dom_pfn_to_ptr(dom, seg->pfn, pages);
+
+    *pages_out = retval ? pages : 0;
+    return retval;
+}
+
+static inline void *xc_dom_seg_to_ptr(struct xc_dom_image *dom,
+                                      struct xc_dom_seg *seg)
+{
+    xen_pfn_t dummy;
 
-    return xc_dom_pfn_to_ptr(dom, seg->pfn, pages);
+    return xc_dom_seg_to_ptr_pages(dom, seg, &dummy);
 }
 
 static inline void *xc_dom_vaddr_to_ptr(struct xc_dom_image *dom,