Overview

File 24358-kexec-compat-overflow.patch of Package xen

# HG changeset patch
# User Andrew Cooper <andrew.cooper3@citrix.com>
# Date 1323114166 0
# Node ID 9961a6d5356a57685b06f65133c6ade5041e3356
# Parent  832fa3f3543298a7125cd5f996d1e28dd7ba47b1
KEXEC: fix kexec_get_range_compat to fail vocally.

Fail with -ERANGE rather than silently truncating 64bit values (a
physical address and size) into 32bit integers for dom0 to consume.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Simplify the bitwise arithmetic a bit.

Signed-off-by: Keir Fraser <keir@xen.org>

--- a/xen/common/kexec.c
+++ b/xen/common/kexec.c
@@ -395,6 +395,10 @@ static int kexec_get_range_compat(XEN_GU
 
     ret = kexec_get_range_internal(&range);
 
+    /* Dont silently truncate physical addresses or sizes. */
+    if ( (range.start | range.size) & ~(unsigned long)(~0u) )
+        return -ERANGE;
+
     if ( ret == 0 ) {
         XLAT_kexec_range(&compat_range, &range);
         if ( unlikely(copy_to_guest(uarg, &compat_range, 1)) )
openSUSE Build Service is sponsored by
Places