Add an early basic check, yielding the same error code as the more thorough one the main handler would produce.
Fixes: b8a7efe8528a ("Enable compatibility mode operation for HYPERVISOR_memory_op") Reported-by: Manuel Andreas <manuel.andr...@tum.de> Signed-off-by: Jan Beulich <jbeul...@suse.com> --- a/xen/common/compat/memory.c +++ b/xen/common/compat/memory.c @@ -161,6 +161,11 @@ int compat_memory_op(unsigned int cmd, X if ( copy_from_guest(&cmp.xchg, arg, 1) ) return -EFAULT; + /* Early coarse check, as max_order() isn't available here. */ + if ( cmp.xchg.in.extent_order >= BITS_PER_INT || + cmp.xchg.out.extent_order >= BITS_PER_INT ) + return -EPERM; + order_delta = cmp.xchg.out.extent_order - cmp.xchg.in.extent_order; /* Various sanity checks. */ if ( (cmp.xchg.nr_exchanged > cmp.xchg.in.nr_extents) ||
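Review bot: the comment on the new check in compat_memory_op() explains why the test is coarse, but not why it returns -EPERM when the copy_from_guest() failure just above returns -EFAULT. Only the commit message records that -EPERM was chosen to match the main handler, so consider saying so in the comment itself, for example "Early coarse check (same error as the main handler's max_order() check), as max_order() isn't available here." It would also help to state what bound the code following "order_delta = cmp.xchg.out.extent_order - cmp.xchg.in.extent_order;" actually relies on. With both orders below BITS_PER_INT the difference stays strictly between -BITS_PER_INT and BITS_PER_INT, but the visible lines do not show whether every later use of order_delta is safe across that whole range or needs something tighter.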