| |
|
 |
|
 |
|
|
|
| |
|
|
xen-changelog
[Xen-changelog] [xen-unstable] [XEN] gnttab: Initialise maptrack->flags
# HG changeset patch
# User ssmith@xxxxxxxxxxxxxxxxxxxxxxxxxx
# Node ID 1de184deaa9c6fce2d7f12913b9da365e1accf86
# Parent 780409e8f0bae3bd2d1deae3f8f8fde2fd234755
[XEN] gnttab: Initialise maptrack->flags
__gnttab_unmap_grant_ref verifies the validity of the handle by
checking it against maptrack_limit and making sure that the flags
field at the given handle is non-zero.
This means that the flags of an unused handle should be zero in
order to prevent unused handles from getting past this check.
However, we don't seem to set it to zero to begin with when we
allocate the maptrack table. This could potentially lead to the
corruption of the other domain's internal state, and/or the hypervisor's
internal state.
This patch makes sure that it is zeroed.
Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
---
xen/common/grant_table.c | 3 +++
1 files changed, 3 insertions(+)
diff -r 780409e8f0ba -r 1de184deaa9c xen/common/grant_table.c
--- a/xen/common/grant_table.c Wed Sep 06 11:42:29 2006 +0100
+++ b/xen/common/grant_table.c Wed Sep 06 13:16:02 2006 +0100
@@ -156,7 +156,10 @@ __gnttab_map_grant_ref(
memcpy(new_mt, lgt->maptrack, PAGE_SIZE << lgt->maptrack_order);
for ( i = lgt->maptrack_limit; i < (lgt->maptrack_limit << 1); i++ )
+ {
new_mt[i].ref = i+1;
+ new_mt[i].flags = 0;
+ }
free_xenheap_pages(lgt->maptrack, lgt->maptrack_order);
lgt->maptrack = new_mt;
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
| <Prev in Thread] |
Current Thread |
[Next in Thread> |
- [Xen-changelog] [xen-unstable] [XEN] gnttab: Initialise maptrack->flags,
Xen patchbot-unstable <=
|
|
|
| |
|
Home