XSA-55 has exposed errors for guest creation on ARM:
- domain virt_base was not defined;
- xc_dom_alloc_segment allocates pfn from 0 instead of the RAM base address.
Signed-off-by: Julien Grall <julien.grall@linaro.org>
---
tools/libxc/xc_dom_armzimageloader.c | 1 +
tools/libxc/xc_dom_core.c | 10 ++++++----
2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/tools/libxc/xc_dom_armzimageloader.c
b/tools/libxc/xc_dom_armzimageloader.c
index 4cbbbab..54728b8 100644
--- a/tools/libxc/xc_dom_armzimageloader.c
+++ b/tools/libxc/xc_dom_armzimageloader.c
@@ -123,6 +123,7 @@ static int xc_dom_parse_zimage_kernel(struct xc_dom_image
*dom)
dom->kernel_seg.vend = v_end;
dom->parms.virt_entry = entry_addr;
+ dom->parms.virt_base = rambase;
dom->guest_type = "xen-3.0-armv7l";
DOMPRINTF("%s: %s: RAM starts at %"PRI_xen_pfn,
diff --git a/tools/libxc/xc_dom_core.c b/tools/libxc/xc_dom_core.c
index 3df7171..0f367f6 100644
--- a/tools/libxc/xc_dom_core.c
+++ b/tools/libxc/xc_dom_core.c
@@ -488,6 +488,7 @@ int xc_dom_alloc_segment(struct xc_dom_image *dom,
{
unsigned int page_size = XC_DOM_PAGE_SIZE(dom);
xen_pfn_t pages = (size + page_size - 1) / page_size;
+ xen_pfn_t pfn;
void *ptr;
if ( start == 0 )
@@ -509,16 +510,17 @@ int xc_dom_alloc_segment(struct xc_dom_image *dom,
}
seg->vstart = start;
- seg->pfn = (seg->vstart - dom->parms.virt_base) / page_size;
+ pfn = (seg->vstart - dom->parms.virt_base) / page_size;
+ seg->pfn = pfn + dom->rambase_pfn;
if ( pages > dom->total_pages || /* multiple test avoids overflow
probs */
- seg->pfn > dom->total_pages ||
- pages > dom->total_pages - seg->pfn)
+ pfn > dom->total_pages ||
+ pages > dom->total_pages - pfn)
{
xc_dom_panic(dom->xch, XC_OUT_OF_MEMORY,
"%s: segment %s too large (0x%"PRIpfn" >
"
"0x%"PRIpfn" - 0x%"PRIpfn"
pages)",
- __FUNCTION__, name, pages, dom->total_pages,
seg->pfn);
+ __FUNCTION__, name, pages, dom->total_pages, pfn);
return -1;
}
--
1.7.10.4