[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH] xen/pci: Allocate memory for physdev_pci_device_add's optarr

physdev_pci_device_add's optarr[] is a zero-sized array and therefore
reference to add.optarr[0] is accessing memory that does not belong to
the 'add' variable.

Signed-off-by: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
---
 drivers/xen/pci.c |   27 ++++++++++++++++-----------
 1 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/drivers/xen/pci.c b/drivers/xen/pci.c
index dd9c249..95ee430 100644
--- a/drivers/xen/pci.c
+++ b/drivers/xen/pci.c
@@ -41,24 +41,29 @@ static int xen_add_device(struct device *dev)
 #endif
 
        if (pci_seg_supported) {
-               struct physdev_pci_device_add add = {
-                       .seg = pci_domain_nr(pci_dev->bus),
-                       .bus = pci_dev->bus->number,
-                       .devfn = pci_dev->devfn
+               struct {
+                       struct physdev_pci_device_add add;
+                       uint32_t pxm;
+               } add_ext = {
+                       .add.seg = pci_domain_nr(pci_dev->bus),
+                       .add.bus = pci_dev->bus->number,
+                       .add.devfn = pci_dev->devfn
                };
+               struct physdev_pci_device_add *add = &add_ext.add;
+
 #ifdef CONFIG_ACPI
                acpi_handle handle;
 #endif
 
 #ifdef CONFIG_PCI_IOV
                if (pci_dev->is_virtfn) {
-                       add.flags = XEN_PCI_DEV_VIRTFN;
-                       add.physfn.bus = physfn->bus->number;
-                       add.physfn.devfn = physfn->devfn;
+                       add->flags = XEN_PCI_DEV_VIRTFN;
+                       add->physfn.bus = physfn->bus->number;
+                       add->physfn.devfn = physfn->devfn;
                } else
 #endif
                if (pci_ari_enabled(pci_dev->bus) && PCI_SLOT(pci_dev->devfn))
-                       add.flags = XEN_PCI_DEV_EXTFN;
+                       add->flags = XEN_PCI_DEV_EXTFN;
 
 #ifdef CONFIG_ACPI
                handle = ACPI_HANDLE(&pci_dev->dev);
@@ -77,8 +82,8 @@ static int xen_add_device(struct device *dev)
                                status = acpi_evaluate_integer(handle, "_PXM",
                                                               NULL, &pxm);
                                if (ACPI_SUCCESS(status)) {
-                                       add.optarr[0] = pxm;
-                                       add.flags |= XEN_PCI_DEV_PXM;
+                                       add->optarr[0] = pxm;
+                                       add->flags |= XEN_PCI_DEV_PXM;
                                        break;
                                }
                                status = acpi_get_parent(handle, &handle);
@@ -86,7 +91,7 @@ static int xen_add_device(struct device *dev)
                }
 #endif /* CONFIG_ACPI */
 
-               r = HYPERVISOR_physdev_op(PHYSDEVOP_pci_device_add, &add);
+               r = HYPERVISOR_physdev_op(PHYSDEVOP_pci_device_add, add);
                if (r != -ENOSYS)
                        return r;
                pci_seg_supported = false;
-- 
1.7.1


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.