[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 1/3] xen/arm: Fix off-by-one in iomem_deny_access() calls

  • To: Luca Fancellu <Luca.Fancellu@xxxxxxx>
  • From: Stefano Stabellini <stefano.stabellini@xxxxxxx>
  • Date: Thu, 9 Apr 2026 17:03:11 -0700
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=arm.com smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0)
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=zgVP21WMuoqGG7UmabFPMkYWI2cIV4Qy5UVoD6ilV7E=; b=RAIXB+6Ux0JwK+ZTqv305TJwR92vmSvUSadUB2bDRe2v0xR4YsqPNsE9L519tdkYF/UcBUn14J/M2mxmsONHa5KkK3OpmFRo9U3iSUXg9NCEVEf2E/y1shr7778IH03s0ZMEkIw0JCscL5GDpnXJ9LFV/zAqZZRj89MW9k8jdCcJVEGcXraQPJZ3MGQjIoWiaW0JEYVa3wIF+if+kyhKv0VyRC4bfXQdzOcabHTaf23LOHyJKzvUOWQdezPltWPixJuD/1vUley4n0zxhFn4UaTF0Hp4Po46C9SxrR6/ekyoyu08aZT4zXQKPK3JyKUu3o7jWWqEfWcNMCt+2zJd+Q==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=NWEK8+iV5i/Yan2TRwdFe7PDRtU1Q1yfRJEtcK3OM7xoCehFz61QOeiK0PeSFbZ6iM1UrYnrBK903m28CxC3NO5gqo4+uWzZbpJ4XDsg2LzICzRH0hHyw2rQbf02yUy3nq0qlthy8e3wWXJSg/NMhcxZux719HWTlqc5XWdMPPTe9bsPiGs5TeBnU6wE6QQGEOB2J/NvGE1kSRRhX1iRRZS4i7DAQsv+5PQJeeuoFAsntdJrY8fEMLVZ5LDb0WYdcchIpNMl9wBn4SEUcHrcfbpHu2GTT4FizIyP9FI3ag1JpEMlLixMaFQdBfXdhD31a/ZZqDM6qlm8oJL6BRNpHw==
  • Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=amd.com header.i="@amd.com" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck"
  • Cc: Michal Orzel <michal.orzel@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Julien Grall <julien@xxxxxxx>, Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Delivery-date: Fri, 10 Apr 2026 00:03:44 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Thu, 9 Apr 2026, Luca Fancellu wrote:
> Hi Michal,
> 
> > On 9 Apr 2026, at 12:39, Michal Orzel <michal.orzel@xxxxxxx> wrote:
> > 
> > iomem_deny_access() wraps rangeset_remove_range() which takes inclusive
> > endpoints.  All call sites in the GIC and ACPI code pass 'mfn + nr' (or
> > 'mfn + 1' for single-page regions) as the end parameter, which causes
> > one extra page beyond each region to be denied.
> > 
> > For single-page regions, use 'mfn' as the end (denying exactly one page).
> > For all multi-page regions, use 'mfn + nr - 1'.
> > 
> > This matches the correct pattern used elsewhere, e.g. in device.c.
> > 
> > Fixes: 8300b3377e ("arm/gic: Add a new callback to deny Dom0 access to GIC 
> > regions")
> > Fixes: 66158be465 ("ARM: ITS: Deny hardware domain access to ITS")
> > Fixes: 97e9875646 ("arm/acpi: Permit MMIO access of Xen unused devices for 
> > Dom0")
> > Signed-off-by: Michal Orzel <michal.orzel@xxxxxxx>
> > ---
> > 
> 
> This looks ok to me.
> 
> Reviewed-by: Luca Fancellu <luca.fancellu@xxxxxxx>

Reviewed-by: Stefano Stabellini <stefano.stabellini@xxxxxxx>

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.