* [PATCH] xen/pci: Allocate memory for physdev_pci_device_add's optarr
@ 2014-08-04 22:17 Boris Ostrovsky
2014-08-05 6:55 ` Jan Beulich
0 siblings, 1 reply; 2+ messages in thread
From: Boris Ostrovsky @ 2014-08-04 22:17 UTC (permalink / raw)
To: konrad.wilk, david.vrabel; +Cc: xen-devel, boris.ostrovsky
physdev_pci_device_add's optarr[] is a zero-sized array and therefore
reference to add.optarr[0] is accessing memory that does not belong to
the 'add' variable.
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
---
drivers/xen/pci.c | 27 ++++++++++++++++-----------
1 files changed, 16 insertions(+), 11 deletions(-)
diff --git a/drivers/xen/pci.c b/drivers/xen/pci.c
index dd9c249..95ee430 100644
--- a/drivers/xen/pci.c
+++ b/drivers/xen/pci.c
@@ -41,24 +41,29 @@ static int xen_add_device(struct device *dev)
#endif
if (pci_seg_supported) {
- struct physdev_pci_device_add add = {
- .seg = pci_domain_nr(pci_dev->bus),
- .bus = pci_dev->bus->number,
- .devfn = pci_dev->devfn
+ struct {
+ struct physdev_pci_device_add add;
+ uint32_t pxm;
+ } add_ext = {
+ .add.seg = pci_domain_nr(pci_dev->bus),
+ .add.bus = pci_dev->bus->number,
+ .add.devfn = pci_dev->devfn
};
+ struct physdev_pci_device_add *add = &add_ext.add;
+
#ifdef CONFIG_ACPI
acpi_handle handle;
#endif
#ifdef CONFIG_PCI_IOV
if (pci_dev->is_virtfn) {
- add.flags = XEN_PCI_DEV_VIRTFN;
- add.physfn.bus = physfn->bus->number;
- add.physfn.devfn = physfn->devfn;
+ add->flags = XEN_PCI_DEV_VIRTFN;
+ add->physfn.bus = physfn->bus->number;
+ add->physfn.devfn = physfn->devfn;
} else
#endif
if (pci_ari_enabled(pci_dev->bus) && PCI_SLOT(pci_dev->devfn))
- add.flags = XEN_PCI_DEV_EXTFN;
+ add->flags = XEN_PCI_DEV_EXTFN;
#ifdef CONFIG_ACPI
handle = ACPI_HANDLE(&pci_dev->dev);
@@ -77,8 +82,8 @@ static int xen_add_device(struct device *dev)
status = acpi_evaluate_integer(handle, "_PXM",
NULL, &pxm);
if (ACPI_SUCCESS(status)) {
- add.optarr[0] = pxm;
- add.flags |= XEN_PCI_DEV_PXM;
+ add->optarr[0] = pxm;
+ add->flags |= XEN_PCI_DEV_PXM;
break;
}
status = acpi_get_parent(handle, &handle);
@@ -86,7 +91,7 @@ static int xen_add_device(struct device *dev)
}
#endif /* CONFIG_ACPI */
- r = HYPERVISOR_physdev_op(PHYSDEVOP_pci_device_add, &add);
+ r = HYPERVISOR_physdev_op(PHYSDEVOP_pci_device_add, add);
if (r != -ENOSYS)
return r;
pci_seg_supported = false;
--
1.7.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] xen/pci: Allocate memory for physdev_pci_device_add's optarr
2014-08-04 22:17 [PATCH] xen/pci: Allocate memory for physdev_pci_device_add's optarr Boris Ostrovsky
@ 2014-08-05 6:55 ` Jan Beulich
0 siblings, 0 replies; 2+ messages in thread
From: Jan Beulich @ 2014-08-05 6:55 UTC (permalink / raw)
To: boris.ostrovsky; +Cc: xen-devel, david.vrabel
>>> On 05.08.14 at 00:17, <boris.ostrovsky@oracle.com> wrote:
> physdev_pci_device_add's optarr[] is a zero-sized array and therefore
> reference to add.optarr[0] is accessing memory that does not belong to
> the 'add' variable.
>
> Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
> ---
> drivers/xen/pci.c | 27 ++++++++++++++++-----------
> 1 files changed, 16 insertions(+), 11 deletions(-)
>
> diff --git a/drivers/xen/pci.c b/drivers/xen/pci.c
> index dd9c249..95ee430 100644
> --- a/drivers/xen/pci.c
> +++ b/drivers/xen/pci.c
> @@ -41,24 +41,29 @@ static int xen_add_device(struct device *dev)
> #endif
>
> if (pci_seg_supported) {
> - struct physdev_pci_device_add add = {
> - .seg = pci_domain_nr(pci_dev->bus),
> - .bus = pci_dev->bus->number,
> - .devfn = pci_dev->devfn
> + struct {
> + struct physdev_pci_device_add add;
> + uint32_t pxm;
> + } add_ext = {
> + .add.seg = pci_domain_nr(pci_dev->bus),
> + .add.bus = pci_dev->bus->number,
> + .add.devfn = pci_dev->devfn
> };
> + struct physdev_pci_device_add *add = &add_ext.add;
> +
> #ifdef CONFIG_ACPI
> acpi_handle handle;
> #endif
>
> #ifdef CONFIG_PCI_IOV
> if (pci_dev->is_virtfn) {
> - add.flags = XEN_PCI_DEV_VIRTFN;
> - add.physfn.bus = physfn->bus->number;
> - add.physfn.devfn = physfn->devfn;
> + add->flags = XEN_PCI_DEV_VIRTFN;
> + add->physfn.bus = physfn->bus->number;
> + add->physfn.devfn = physfn->devfn;
> } else
> #endif
> if (pci_ari_enabled(pci_dev->bus) && PCI_SLOT(pci_dev->devfn))
> - add.flags = XEN_PCI_DEV_EXTFN;
> + add->flags = XEN_PCI_DEV_EXTFN;
>
> #ifdef CONFIG_ACPI
> handle = ACPI_HANDLE(&pci_dev->dev);
> @@ -77,8 +82,8 @@ static int xen_add_device(struct device *dev)
> status = acpi_evaluate_integer(handle, "_PXM",
> NULL, &pxm);
> if (ACPI_SUCCESS(status)) {
> - add.optarr[0] = pxm;
> - add.flags |= XEN_PCI_DEV_PXM;
> + add->optarr[0] = pxm;
> + add->flags |= XEN_PCI_DEV_PXM;
> break;
> }
> status = acpi_get_parent(handle, &handle);
> @@ -86,7 +91,7 @@ static int xen_add_device(struct device *dev)
> }
> #endif /* CONFIG_ACPI */
>
> - r = HYPERVISOR_physdev_op(PHYSDEVOP_pci_device_add, &add);
> + r = HYPERVISOR_physdev_op(PHYSDEVOP_pci_device_add, add);
> if (r != -ENOSYS)
> return r;
> pci_seg_supported = false;
> --
> 1.7.1
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> http://lists.xen.org/xen-devel
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2014-08-05 6:55 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-08-04 22:17 [PATCH] xen/pci: Allocate memory for physdev_pci_device_add's optarr Boris Ostrovsky
2014-08-05 6:55 ` Jan Beulich
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).