Searched hist:"288 b2385b85ea3ecea85147b68e124e0ac5f6616" (Results 1 – 1 of 1) sorted by relevance
| /freebsd/sys/dev/xen/privcmd/ |
| H A D | privcmd.c | diff 288b2385b85ea3ecea85147b68e124e0ac5f6616 Fri May 06 18:44:46 CEST 2016 Roger Pau Monné <royger@FreeBSD.org> xen/privcmd: fix integer truncation in IOCTL_PRIVCMD_MMAPBATCH
The size field in the XENMEM_add_to_physmap_range is an uint16_t, and the
privcmd driver was doing an implicit truncation of an int into an uint16_t
when filling the hypercall parameters.
Fix this by adding a loop and making sure privcmd splits ioctl request into
2^16 chunks when issuing the hypercalls.
Reported and tested by: Marcin Cieslak <saper@saper.info>
Sponsored by: Citrix Systems R&D
|