File 68fb6f4f-libxl-BAR-address-truncation.patch of Package xen.41885
# Commit 421432b822184f990cd9ef157bbc2a24cfe96727
# Date 2025-10-24 13:21:35 +0100
# Author Jiqian Chen <Jiqian.Chen@amd.com>
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
tools/libs/light: fix BAR memory address truncation
64-bit BAR memory address is truncated when removing a passthrough
pci device from guest since it uses "unsigned int".
So, change to use 64-bit type to fix this problem.
This is XSA-476 / CVE-2025-58149.
Fixes: b0a1af61678b ("libxenlight: implement pci passthrough")
Signed-off-by: Jiqian Chen <Jiqian.Chen@amd.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Acked-by: Anthony PERARD <anthony.perard@vates.tech>
--- a/tools/libs/light/libxl_pci.c
+++ b/tools/libs/light/libxl_pci.c
@@ -2168,7 +2168,7 @@ static void pci_remove_detached(libxl__e
{
STATE_AO_GC(prs->aodev->ao);
libxl_ctx *ctx = libxl__gc_owner(gc);
- unsigned int start = 0, end = 0, flags = 0, size = 0;
+ uint64_t start = 0, end = 0, flags = 0, size = 0;
int irq = 0, i, stubdomid = 0;
const char *sysfs_path;
FILE *f;
@@ -2198,7 +2198,8 @@ static void pci_remove_detached(libxl__e
}
for (i = 0; i < PROC_PCI_NUM_RESOURCES; i++) {
- if (fscanf(f, "0x%x 0x%x 0x%x\n", &start, &end, &flags) != 3)
+ if (fscanf(f, "0x%"SCNx64" 0x%"SCNx64" 0x%"SCNx64"\n",
+ &start, &end, &flags) != 3)
continue;
size = end - start + 1;
if (start) {
@@ -2207,7 +2208,7 @@ static void pci_remove_detached(libxl__e
size, 0);
if (rc < 0)
LOGED(ERROR, domid,
- "xc_domain_ioport_permission error 0x%x/0x%x",
+ "xc_domain_ioport_permission error %#"PRIx64"/%#"PRIx64,
start,
size);
} else {
@@ -2217,7 +2218,7 @@ static void pci_remove_detached(libxl__e
0);
if (rc < 0)
LOGED(ERROR, domid,
- "xc_domain_iomem_permission error 0x%x/0x%x",
+ "xc_domain_iomem_permission error %#"PRIx64"/%#"PRIx64,
start,
size);
}
