Message ID | 29514f9a-b630-f66e-286e-8b73fcf4d58a@suse.com (mailing list archive) |
---|---|
State | New, archived |
Series | common: XSA-327 follow-up |
Hi Jan,

On 22/12/2020 08:14, Jan Beulich wrote:
> Use ENXIO instead of EINVAL to cover the two cases of the address not
> satisfying the requirements. This will make an issue here better stand
> out at the call site.
>
> Also add a missing compat-mode related size check: If the sizes
> differed, other code in the function would need changing. Accompany this
> by a change to the initial sizeof() expression, tying it to the type of
> the variable we're actually after (matching e.g. the alignof() added by
> XSA-327).
>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
> Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>

Acked-by: Julien Grall <jgrall@amazon.com>

Cheers,

--- a/xen/common/domain.c +++ b/xen/common/domain.c @@ -1241,17 +1241,18 @@ int map_vcpu_info(struct vcpu *v, unsign struct page_info *page; unsigned int align; - if ( offset > (PAGE_SIZE - sizeof(vcpu_info_t)) ) - return -EINVAL; + if ( offset > (PAGE_SIZE - sizeof(*new_info)) ) + return -ENXIO; #ifdef CONFIG_COMPAT + BUILD_BUG_ON(sizeof(*new_info) != sizeof(new_info->compat)); if ( has_32bit_shinfo(d) ) align = alignof(new_info->compat); else #endif align = alignof(*new_info); if ( offset & (align - 1) ) - return -EINVAL; + return -ENXIO; if ( !mfn_eq(v->vcpu_info_mfn, INVALID_MFN) ) return -EINVAL;
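
Review bot: The BUILD_BUG_ON(sizeof(*new_info) != sizeof(new_info->compat)) added under CONFIG_COMPAT carries no comment saying what relies on the two sizes being equal; that rationale exists only in the commit message. A one-line comment above it, noting that the offset bound check at the top of the hunk uses sizeof(*new_info) for the has_32bit_shinfo(d) case as well, would keep the reason next to the assertion. Separately, the offset and alignment checks now return -ENXIO while the vcpu_info_mfn check that follows still returns -EINVAL, so any caller of map_vcpu_info() that tests specifically for -EINVAL on a bad offset should be checked before this goes in.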