From: Jiqian Chen Subject: tools/libs/light: fix BAR memory address truncation 64-bit BAR memory address is truncated when removing a passthrough pci device from guest since it uses "unsigned int". So, change to use 64-bit type to fix this problem. This is XSA-476 / CVE-2025-58149. Fixes: b0a1af61678b ("libxenlight: implement pci passthrough") Signed-off-by: Jiqian Chen Release-Acked-by: Oleksii Kurochko Reviewed-by: Juergen Gross Acked-by: Anthony PERARD diff --git a/tools/libs/light/libxl_pci.c b/tools/libs/light/libxl_pci.c index 1647fd6f4756..7af602224aba 100644 --- a/tools/libs/light/libxl_pci.c +++ b/tools/libs/light/libxl_pci.c @@ -2179,7 +2179,7 @@ static void pci_remove_detached(libxl__egc *egc, { STATE_AO_GC(prs->aodev->ao); libxl_ctx *ctx = libxl__gc_owner(gc); - unsigned int start = 0, end = 0, flags = 0, size = 0; + uint64_t start = 0, end = 0, flags = 0, size = 0; int irq = 0, i, stubdomid = 0; const char *sysfs_path; FILE *f; @@ -2209,7 +2209,8 @@ static void pci_remove_detached(libxl__egc *egc, } for (i = 0; i < PROC_PCI_NUM_RESOURCES; i++) { - if (fscanf(f, "0x%x 0x%x 0x%x\n", &start, &end, &flags) != 3) + if (fscanf(f, "0x%"SCNx64" 0x%"SCNx64" 0x%"SCNx64"\n", + &start, &end, &flags) != 3) continue; size = end - start + 1; if (start) { @@ -2218,7 +2219,7 @@ static void pci_remove_detached(libxl__egc *egc, size, 0); if (rc < 0) LOGED(ERROR, domid, - "xc_domain_ioport_permission error 0x%x/0x%x", + "xc_domain_ioport_permission error %#"PRIx64"/%#"PRIx64, start, size); } else { @@ -2228,7 +2229,7 @@ static void pci_remove_detached(libxl__egc *egc, 0); if (rc < 0) LOGED(ERROR, domid, - "xc_domain_iomem_permission error 0x%x/0x%x", + "xc_domain_iomem_permission error %#"PRIx64"/%#"PRIx64, start, size); }