[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.8] x86/hvm/ioreq: MMIO range checking completely ignores direction flag

To: xen-changelog@xxxxxxxxxxxxxxxxxxxx
From: patchbot@xxxxxxx
Date: Sat, 22 Sep 2018 21:55:22 +0000
Delivery-date: Sat, 22 Sep 2018 21:55:25 +0000
List-id: "Change log for Mercurial \(receive only\)" <xen-changelog.lists.xenproject.org>

commit d1a5936d63ea1e33fd9dc8b3a8c41c804d77985a
Author:     Paul Durrant <paul.durrant@xxxxxxxxxx>
AuthorDate: Fri Sep 14 13:34:26 2018 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Fri Sep 14 13:34:26 2018 +0200

    x86/hvm/ioreq: MMIO range checking completely ignores direction flag
    
    hvm_select_ioreq_server() is used to route an ioreq to the appropriate
    ioreq server. For MMIO this is done by comparing the range of the ioreq
    to the ranges registered by the device models of each ioreq server.
    Unfortunately the calculation of the range if the ioreq completely ignores
    the direction flag and thus may calculate the wrong range for comparison.
    Thus the ioreq may either be routed to the wrong server or erroneously
    terminated by null_ops.
    
    NOTE: The patch also fixes whitespace in the switch statement to make it
          style compliant.
    
    Signed-off-by: Paul Durrant <paul.durrant@xxxxxxxxxx>
    Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    master commit: 60a56dc0064a00830663ffe48215dcd080cb9504
    master date: 2018-08-15 14:14:06 +0200
---
 xen/arch/x86/hvm/ioreq.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/xen/arch/x86/hvm/ioreq.c b/xen/arch/x86/hvm/ioreq.c
index 45d218011f..6e249e5498 100644
--- a/xen/arch/x86/hvm/ioreq.c
+++ b/xen/arch/x86/hvm/ioreq.c
@@ -1198,20 +1198,25 @@ struct hvm_ioreq_server *hvm_select_ioreq_server(struct 
domain *d,
 
         switch ( type )
         {
-            unsigned long end;
+            unsigned long start, end;
 
         case HVMOP_IO_RANGE_PORT:
-            end = addr + p->size - 1;
-            if ( rangeset_contains_range(r, addr, end) )
+            start = addr;
+            end = start + p->size - 1;
+            if ( rangeset_contains_range(r, start, end) )
                 return s;
 
             break;
+
         case HVMOP_IO_RANGE_MEMORY:
-            end = addr + (p->size * p->count) - 1;
-            if ( rangeset_contains_range(r, addr, end) )
+            start = hvm_mmio_first_byte(p);
+            end = hvm_mmio_last_byte(p);
+
+            if ( rangeset_contains_range(r, start, end) )
                 return s;
 
             break;
+
         case HVMOP_IO_RANGE_PCI:
             if ( rangeset_contains_singleton(r, addr >> 32) )
             {
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.8

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog

Prev by Date: [Xen-changelog] [xen stable-4.8] x86/vlapic: Bugfixes and improvements to vlapic_{read, write}()
Next by Date: [Xen-changelog] [xen stable-4.8] x86/setup: Avoid OoB E820 lookup when calculating the L1TF safe address
Previous by thread: [Xen-changelog] [xen stable-4.8] x86/vlapic: Bugfixes and improvements to vlapic_{read, write}()
Next by thread: [Xen-changelog] [xen stable-4.8] x86/setup: Avoid OoB E820 lookup when calculating the L1TF safe address
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.