| From e11423d6721dd63b23fb41ade5e8d0b448b17780 Mon Sep 17 00:00:00 2001 |
| From: Jan Beulich <jbeulich@suse.com> |
| Date: Wed, 22 Sep 2021 12:17:48 +0200 |
| Subject: xen/privcmd: fix error handling in mmap-resource processing |
| |
| From: Jan Beulich <jbeulich@suse.com> |
| |
| commit e11423d6721dd63b23fb41ade5e8d0b448b17780 upstream. |
| |
| xen_pfn_t is the same size as int only on 32-bit builds (and not even |
| on Arm32). Hence pfns[] can't be used directly to read individual error |
| values returned from xen_remap_domain_mfn_array(); every other error |
| indicator would be skipped/ignored on 64-bit. |
| |
| Fixes: 3ad0876554ca ("xen/privcmd: add IOCTL_PRIVCMD_MMAP_RESOURCE") |
| Cc: stable@vger.kernel.org |
| Signed-off-by: Jan Beulich <jbeulich@suse.com> |
| Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| Link: https://lore.kernel.org/r/aa6d6a67-6889-338a-a910-51e889f792d5@suse.com |
| Signed-off-by: Juergen Gross <jgross@suse.com> |
| --- |
| drivers/xen/privcmd.c | 7 ++++--- |
| 1 file changed, 4 insertions(+), 3 deletions(-) |
| |
| --- a/drivers/xen/privcmd.c |
| +++ b/drivers/xen/privcmd.c |
| @@ -835,11 +835,12 @@ static long privcmd_ioctl_mmap_resource( |
| unsigned int domid = |
| (xdata.flags & XENMEM_rsrc_acq_caller_owned) ? |
| DOMID_SELF : kdata.dom; |
| - int num; |
| + int num, *errs = (int *)pfns; |
| |
| + BUILD_BUG_ON(sizeof(*errs) > sizeof(*pfns)); |
| num = xen_remap_domain_mfn_array(vma, |
| kdata.addr & PAGE_MASK, |
| - pfns, kdata.num, (int *)pfns, |
| + pfns, kdata.num, errs, |
| vma->vm_page_prot, |
| domid, |
| vma->vm_private_data); |
| @@ -849,7 +850,7 @@ static long privcmd_ioctl_mmap_resource( |
| unsigned int i; |
| |
| for (i = 0; i < num; i++) { |
| - rc = pfns[i]; |
| + rc = errs[i]; |
| if (rc < 0) |
| break; |
| } |