freebsd-skq/sys/dev/xen/privcmd
Roger Pau Monné 288b2385b8 xen/privcmd: fix integer truncation in IOCTL_PRIVCMD_MMAPBATCH
The size field in the XENMEM_add_to_physmap_range is an uint16_t, and the
privcmd driver was doing an implicit truncation of an int into an uint16_t
when filling the hypercall parameters.

Fix this by adding a loop and making sure privcmd splits ioctl request into
2^16 chunks when issuing the hypercalls.

Reported and tested by:	Marcin Cieslak <saper@saper.info>
Sponsored by:		Citrix Systems R&D
2016-05-06 16:44:46 +00:00
..
privcmd.c xen/privcmd: fix integer truncation in IOCTL_PRIVCMD_MMAPBATCH 2016-05-06 16:44:46 +00:00