xen/24358-kexec-compat-overflow.patch

# HG changeset patch
# User Andrew Cooper <andrew.cooper3@citrix.com>
# Date 1323114166 0
# Node ID 9961a6d5356a57685b06f65133c6ade5041e3356
# Parent  832fa3f3543298a7125cd5f996d1e28dd7ba47b1
KEXEC: fix kexec_get_range_compat to fail vocally.

Fail with -ERANGE rather than silently truncating 64bit values (a
physical address and size) into 32bit integers for dom0 to consume.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Simplify the bitwise arithmetic a bit.

Signed-off-by: Keir Fraser <keir@xen.org>

--- a/xen/common/kexec.c
+++ b/xen/common/kexec.c
@@ -395,6 +395,10 @@ static int kexec_get_range_compat(XEN_GU
 
     ret = kexec_get_range_internal(&range);
 
+    /* Dont silently truncate physical addresses or sizes. */
+    if ( (range.start | range.size) & ~(unsigned long)(~0u) )
+        return -ERANGE;
+
     if ( ret == 0 ) {
         XLAT_kexec_range(&compat_range, &range);
         if ( unlikely(copy_to_guest(uarg, &compat_range, 1)) )
- bnc#735806 - VF doesn't work after hot-plug for many times 24448-x86-pt-irq-leak.patch - Upstream patches from Jan 24261-x86-cpuidle-Westmere-EX.patch 24417-amd-erratum-573.patch 24429-mceinj-tool.patch 24447-x86-TXT-INIT-SIPI-delay.patch ioemu-9868-MSI-X.patch - bnc#732884 - remove private runlevel 4 from init scripts xen.no-default-runlevel-4.patch - bnc#727515 - Fragmented packets hang network boot of HVM guest ipxe-gcc45-warnings.patch ipxe-ipv4-fragment.patch ipxe-enable-nics.patch - fate#310510 - fix xenpaging update xenpaging.autostart.patch, make changes with mem-swap-target permanent update xenpaging.doc.patch, mention issues with live migration - fate#310510 - fix xenpaging add xenpaging.evict_mmap_readonly.patch update xenpaging.error-handling.patch, reduce debug output - bnc#736824 - Microcode patches for AMD's 15h processors panic the system 24189-x86-p2m-pod-locking.patch 24412-x86-AMD-errata-model-shift.patch OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=164 2012-01-05 19:41:54 +00:00			`# HG changeset patch`
			`# User Andrew Cooper <andrew.cooper3@citrix.com>`
			`# Date 1323114166 0`
			`# Node ID 9961a6d5356a57685b06f65133c6ade5041e3356`
			`# Parent 832fa3f3543298a7125cd5f996d1e28dd7ba47b1`
			`KEXEC: fix kexec_get_range_compat to fail vocally.`

			`Fail with -ERANGE rather than silently truncating 64bit values (a`
			`physical address and size) into 32bit integers for dom0 to consume.`

			`Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>`

			`Simplify the bitwise arithmetic a bit.`

			`Signed-off-by: Keir Fraser <keir@xen.org>`

			`--- a/xen/common/kexec.c`
			`+++ b/xen/common/kexec.c`
			`@@ -395,6 +395,10 @@ static int kexec_get_range_compat(XEN_GU`

			`ret = kexec_get_range_internal(&range);`

			`+ /* Dont silently truncate physical addresses or sizes. */`
			`+ if ( (range.start \| range.size) & ~(unsigned long)(~0u) )`
			`+ return -ERANGE;`
			`+`
			`if ( ret == 0 ) {`
			`XLAT_kexec_range(&compat_range, &range);`
			`if ( unlikely(copy_to_guest(uarg, &compat_range, 1)) )`