From: Jan Beulich <jbeulich@suse.com>
Date: Tue, 7 Jul 2015 08:28:25 +0000 (+0200)
Subject: gnttab: fix out of range shift count
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~2943
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=6d6e2997fbed4e148a716e68856eb1e3ffd1887f;p=xen.git

gnttab: fix out of range shift count

Commit 213f145114 ("gnttab: fix/adjust gnttab_transfer()") wasn't
careful enough in this regard.

Coverity ID: 1306859
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
---

diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c
index db5e5db010..999817dad3 100644
--- a/xen/common/grant_table.c
+++ b/xen/common/grant_table.c
@@ -1829,7 +1829,8 @@ gnttab_transfer(
         max_bitsize = domain_clamp_alloc_bitsize(
             e, e->grant_table->gt_version > 1 || paging_mode_translate(e)
                ? BITS_PER_LONG + PAGE_SHIFT : 32 + PAGE_SHIFT);
-        if ( (1UL << (max_bitsize - PAGE_SHIFT)) <= mfn )
+        if ( max_bitsize < BITS_PER_LONG + PAGE_SHIFT &&
+             (mfn >> (max_bitsize - PAGE_SHIFT)) )
         {
             struct page_info *new_page;