File xsa476.patch of Package xen.42356
Subject: tools/libs/light: fix BAR memory address truncation
From: Jiqian Chen Jiqian.Chen@amd.com Fri Oct 24 13:23:34 2025 +0100
Date: Fri Oct 24 13:23:46 2025 +0100:
Git: 14b0ce576874031d17959cf1df65917d6e838523
64-bit BAR memory address is truncated when removing a passthrough
pci device from guest since it uses "unsigned int".
So, change to use 64-bit type to fix this problem.
This is XSA-476 / CVE-2025-58149.
Fixes: b0a1af61678b ("libxenlight: implement pci passthrough")
Signed-off-by: Jiqian Chen <Jiqian.Chen@amd.com>
Release-Acked-by: Oleksii Kurochko <oleksii.kurochko@gmail.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Acked-by: Anthony PERARD <anthony.perard@vates.tech>
(cherry picked from commit 421432b822184f990cd9ef157bbc2a24cfe96727)
--- a/tools/libxl/libxl_pci.c
+++ b/tools/libxl/libxl_pci.c
@@ -1920,7 +1920,7 @@ static void do_pci_remove(libxl__egc *eg
char *sysfs_path = GCSPRINTF(SYSFS_PCI_DEV"/"PCI_BDF"/resource", pcidev->domain,
pcidev->bus, pcidev->dev, pcidev->func);
FILE *f = fopen(sysfs_path, "r");
- unsigned int start = 0, end = 0, flags = 0, size = 0;
+ uint64_t start = 0, end = 0, flags = 0, size = 0;
int irq = 0;
int i;
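Review bot: The widened declaration would benefit from a one-line comment recording why 64 bits are needed, so the type is not narrowed again in a later cleanup, e.g. `/* sysfs "resource" holds 64-bit BAR addresses; a narrower type truncates them */`. `flags` and `size` are widened together with `start` and `end`, which keeps the `end - start + 1` computation in the next hunk in 64-bit arithmetic. do_pci_remove begins and ends outside this hunk.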
@@ -1929,7 +1929,8 @@ static void do_pci_remove(libxl__egc *eg
goto skip1;
}
for (i = 0; i < PROC_PCI_NUM_RESOURCES; i++) {
- if (fscanf(f, "0x%x 0x%x 0x%x\n", &start, &end, &flags) != 3)
+ if (fscanf(f, "0x%"SCNx64" 0x%"SCNx64" 0x%"SCNx64"\n",
+ &start, &end, &flags) != 3)
continue;
size = end - start + 1;
if (start) {
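Review bot: A resource line that fails to parse is skipped with a bare `continue`, and nothing is logged. Because fscanf() leaves the unmatched input in the stream, the following iterations most likely fail at the same position, so the remaining BARs are never processed. On the removal path that means ranges whose permission was never revoked go unnoticed; consider logging the parse failure with `sysfs_path` and leaving the loop explicitly. Separately, `size = end - start + 1` is computed without checking the order of the two values, so an unexpected line would wrap to a huge size; `if (end < start) continue;` before it would make that case explicit. The loop body continues outside this hunk.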
@@ -1937,7 +1938,7 @@ static void do_pci_remove(libxl__egc *eg
rc = xc_domain_ioport_permission(ctx->xch, domid, start, size, 0);
if (rc < 0)
LOGED(ERROR, domainid,
- "xc_domain_ioport_permission error 0x%x/0x%x",
+ "xc_domain_ioport_permission error %#"PRIx64"/%#"PRIx64,
start,
size);
} else {
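Review bot: `start` and `size` are now uint64_t but are still passed unchanged to xc_domain_ioport_permission(), whose port arguments are 32-bit as far as I can tell (its prototype is not in this patch), so the call narrows silently. I/O port BARs should always fit, but a guard such as `if (start > UINT32_MAX || size > UINT32_MAX) continue;` (with a log line) or explicit casts would show that the narrowing on this branch is intended and bounded. The enclosing `if`/`else` starts before and ends after this hunk.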
@@ -1945,7 +1946,7 @@ static void do_pci_remove(libxl__egc *eg
(size+(XC_PAGE_SIZE-1))>>XC_PAGE_SHIFT, 0);
if (rc < 0)
LOGED(ERROR, domainid,
- "xc_domain_iomem_permission error 0x%x/0x%x",
+ "xc_domain_iomem_permission error %#"PRIx64"/%#"PRIx64,
start,
size);
}
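Review bot: When xc_domain_iomem_permission() fails, the visible code only logs the error, and the same holds for the I/O port branch in the previous hunk. Nothing here records that the guest may still hold access to the range. If the code after the loop (outside this hunk) does not already propagate it, consider remembering the failure so the caller can tell that the removal was incomplete. The message also prints `start` and `size` in bytes while the call works on page-shifted values (`(size+(XC_PAGE_SIZE-1))>>XC_PAGE_SHIFT`), which is worth a short comment for whoever reads the log.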