From: Jan Beulich
Date: Tue, 28 Nov 2017 12:14:10 +0000 (+0100)
Subject: x86: replace bad ASSERT() in xenmem_add_to_physmap_one()
X-Git-Tag: archive/raspbian/4.11.1-1+rpi1~1^2~66^2~1003
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=f33d653f46f5889db7be4fef31d71bc871834c10;p=xen.git

x86: replace bad ASSERT() in xenmem_add_to_physmap_one()

There are no locks being held, i.e. it is possible to be triggered by racy hypercall invocations. Subsequent code doesn't really depend on the checked values, so this is not a security issue.

Signed-off-by: Jan Beulich
Acked-by: Andrew Cooper
Acked-by: George Dunlap
Release-acked-by: Julien Grall
---
diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c index 886a5ee327..86c822d577 100644 --- a/xen/arch/x86/mm.c +++ b/xen/arch/x86/mm.c @@ -4143,8 +4143,12 @@ int xenmem_add_to_physmap_one( /* Unmap from old location, if any. */ old_gpfn = get_gpfn_from_mfn(mfn_x(mfn)); ASSERT( old_gpfn != SHARED_M2P_ENTRY ); - if ( space == XENMAPSPACE_gmfn || space == XENMAPSPACE_gmfn_range ) - ASSERT( old_gpfn == gfn ); + if ( (space == XENMAPSPACE_gmfn || space == XENMAPSPACE_gmfn_range) && + old_gpfn != gfn ) + { + rc = -EXDEV; + goto put_both; + } if ( old_gpfn != INVALID_M2P_ENTRY ) rc = guest_physmap_remove_page(d, _gfn(old_gpfn), mfn, PAGE_ORDER_4K);
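Review bot: The ASSERT( old_gpfn != SHARED_M2P_ENTRY ) left in place directly above the new check tests the same old_gpfn value, which the commit message says is read with no locks held, yet the message only explains why the gmfn comparison can be hit by racing hypercalls. Either state in the message or in a comment why a shared M2P entry cannot be observed here under the same race, or turn that assertion into an error return as well. The new branch would also benefit from a one-line comment saying that old_gpfn != gfn can result from a concurrent hypercall and why -EXDEV was chosen, since the hunk does not show what callers do with that error code.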