[Xen-changelog] [xen-unstable] vt-d: Fixpanic in msi_msg_read_remap_rte with acpi=off
# HG changeset patch # User Keir Fraser <keir.fraser@xxxxxxxxxx> # Date 1255678127 -3600 # Node ID 2370e16ab6d3a1c9de43babec48c8f14121d19bc # Parent 648c674fcc96b09fc8fb9428843fec08c8d2fc4e vt-d: Fixpanic in msi_msg_read_remap_rte with acpi=off Xen panics when "acpi=off noacpi" is set. Problem is caused by dereferencing NULL pointer in drhd after calling acpi_find_matched_drhd_unit. As acpi_find_matched_drhd_unit can return NULL, checks has to be done before returned value is used. From: Miroslav Rezanina <mrezanin@xxxxxxxxxx> Signed-off-by: Keir Fraser <keir.fraser@xxxxxxxxxxxxx> --- xen/drivers/passthrough/vtd/intremap.c | 6 ++++-- xen/drivers/passthrough/vtd/iommu.c | 5 +++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff -r 648c674fcc96 -r 2370e16ab6d3 xen/drivers/passthrough/vtd/intremap.c --- a/xen/drivers/passthrough/vtd/intremap.c Fri Oct 16 08:25:17 2009 +0100 +++ b/xen/drivers/passthrough/vtd/intremap.c Fri Oct 16 08:28:47 2009 +0100 @@ -563,7 +563,8 @@ void msi_msg_read_remap_rte( struct iommu *iommu = NULL; struct ir_ctrl *ir_ctrl; - drhd = acpi_find_matched_drhd_unit(pdev); + if ( (drhd = acpi_find_matched_drhd_unit(pdev)) == NULL ) + return; iommu = drhd->iommu; ir_ctrl = iommu_ir_ctrl(iommu); @@ -581,7 +582,8 @@ void msi_msg_write_remap_rte( struct iommu *iommu = NULL; struct ir_ctrl *ir_ctrl; - drhd = acpi_find_matched_drhd_unit(pdev); + if ( (drhd = acpi_find_matched_drhd_unit(pdev)) == NULL ) + return; iommu = drhd->iommu; ir_ctrl = iommu_ir_ctrl(iommu); diff -r 648c674fcc96 -r 2370e16ab6d3 xen/drivers/passthrough/vtd/iommu.c --- a/xen/drivers/passthrough/vtd/iommu.c Fri Oct 16 08:25:17 2009 +0100 +++ b/xen/drivers/passthrough/vtd/iommu.c Fri Oct 16 08:28:47 2009 +0100 @@ -1343,7 +1343,8 @@ static int reassign_device_ownership( if (!pdev) return -ENODEV; - drhd = acpi_find_matched_drhd_unit(pdev); + if ( (drhd = acpi_find_matched_drhd_unit(pdev)) == NULL ) + return -ENODEV; pdev_iommu = drhd->iommu; domain_context_unmap(source, bus, devfn); 
@@ -1357,7 +1358,7 @@ static int reassign_device_ownership( for_each_pdev ( source, pdev ) { drhd = acpi_find_matched_drhd_unit(pdev); - if ( drhd->iommu == pdev_iommu ) + if ( drhd && drhd->iommu == pdev_iommu ) { found = 1; break; _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-changelog
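Review bot: In intremap.c, the new NULL check in msi_msg_read_remap_rte and msi_msg_write_remap_rte returns silently from a void function, so the caller cannot tell that remapping was skipped and the message was left as it was. Please add a short comment at each "if ( (drhd = acpi_find_matched_drhd_unit(pdev)) == NULL )" saying that a missing DRHD is expected when ACPI is disabled and that leaving the message untouched is the intended behaviour in that case.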
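Review bot: In the first iommu.c hunk, the new "return -ENODEV;" in reassign_device_ownership is taken before "domain_context_unmap(source, bus, devfn);", so on this path the device is left mapped in the source domain. That looks like the right outcome when there is no IOMMU to program, but it is worth confirming and stating in a comment. The return value is also the same as the "if (!pdev)" check directly above, so the two failures cannot be told apart by the caller.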
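Review bot: In the second iommu.c hunk, "if ( drhd && drhd->iommu == pdev_iommu )" inside the for_each_pdev loop quietly skips any device whose lookup returns NULL, which is fine for the comparison but deserves a one-line comment. The loop also reuses pdev and drhd, so once it has run they no longer describe the device being reassigned. Please check that nothing after the loop dereferences drhd without the same NULL guard, and that later code relies on pdev_iommu rather than drhd.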