[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH] vhpet: check that the set interrupt route is valid
The value written by the guest must be valid according to the mask provided in the interrupt routing capabilities register. If the interrupt is not valid set it to the first valid IRQ in the capabilities field if the timer is enabled, else just clear the field. Also refuse to start any timer that has an invalid interrupt route. Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> --- Cc: Jan Beulich <jbeulich@xxxxxxxx> Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> --- xen/arch/x86/hvm/hpet.c | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/xen/arch/x86/hvm/hpet.c b/xen/arch/x86/hvm/hpet.c index 28377091ca..8772802524 100644 --- a/xen/arch/x86/hvm/hpet.c +++ b/xen/arch/x86/hvm/hpet.c @@ -73,6 +73,9 @@ ((timer_config(h, n) & HPET_TN_INT_ROUTE_CAP_MASK) \ >> HPET_TN_INT_ROUTE_CAP_SHIFT) +#define timer_int_valid(h, n) \ + ((1u << timer_int_route(h, n)) & timer_int_route_cap(h, n)) + static inline uint64_t hpet_read_maincounter(HPETState *h, uint64_t guest_time) { ASSERT(rw_is_locked(&h->lock)); @@ -244,6 +247,12 @@ static void hpet_set_timer(HPETState *h, unsigned int tn, if ( !timer_enabled(h, tn) ) return; + if ( !timer_int_valid(h, tn) ) + { + ASSERT_UNREACHABLE(); + return; + } + tn_cmp = hpet_get_comparator(h, tn, guest_time); cur_tick = hpet_read_maincounter(h, guest_time); if ( timer_is_32bit(h, tn) ) @@ -304,6 +313,30 @@ static inline uint64_t hpet_fixup_reg( return new; } +static void timer_sanitize_int(HPETState *h, unsigned int tn) +{ + unsigned int irq; + + if ( timer_int_valid(h, tn) ) + return; + + h->hpet.timers[tn].config &= ~HPET_TN_ROUTE; + if ( !timer_enabled(h, tn) ) + return; + + /* + * If the requested interrupt is not valid and the timer is + * enabled pick the first irq. + */ + irq = ffs(timer_int_route_cap(h, tn)); + if ( !irq ) + { + ASSERT_UNREACHABLE(); + return; + } + h->hpet.timers[tn].config |= (irq - 1) << HPET_TN_ROUTE_SHIFT; +} + static int hpet_write( struct vcpu *v, unsigned long addr, unsigned int length, unsigned long val) @@ -386,6 +419,8 @@ static int hpet_write( h->hpet.timers[tn].config = hpet_fixup_reg(new_val, old_val, 0x3f4e); + timer_sanitize_int(h, tn); + if ( timer_level(h, tn) ) { gdprintk(XENLOG_ERR, @@ -621,6 +656,7 @@ static int hpet_load(struct domain *d, hvm_domain_context_t *h) if ( timer_is_32bit(hp, i) ) cmp = (uint32_t)cmp; hp->hpet.timers[i].cmp = cmp; + timer_sanitize_int(hp, i); } #undef C -- 2.17.0 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |