From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Jan Beulich" Subject: [PATCH] VT-d: avoid faulting in print_iommu_regs() Date: Tue, 23 Mar 2010 16:56:54 +0000 Message-ID: <4BA900E6020000780003691A@vpn.id2.novell.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="=__PartBF9551C6.0__=" Return-path: List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: xen-devel@lists.xensource.com List-Id: xen-devel@lists.xenproject.org This is a MIME message. If you are reading this text, you may want to consider changing to a mail reader or gateway that understands how to properly handle MIME multipart messages. --=__PartBF9551C6.0__= Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Content-Disposition: inline In c/s 21027 I overlooked that using this function when bad table data was found requires the function to also do some range checking. Signed-off-by: Jan Beulich --- 2010-03-22.orig/xen/drivers/passthrough/vtd/utils.c 2010-03-17 = 22:19:25.000000000 +0100 +++ 2010-03-22/xen/drivers/passthrough/vtd/utils.c 2010-03-23 = 17:52:20.000000000 +0100 @@ -67,10 +67,13 @@ void print_iommu_regs(struct acpi_drhd_u printk(" CAP =3D %"PRIx64"\n", cap =3D dmar_readq(iommu->reg, = DMAR_CAP_REG)); printk(" n_fault_reg =3D %"PRIx64"\n", cap_num_fault_regs(cap)); printk(" fault_recording_offset =3D %"PRIx64"\n", cap_fault_reg_offset= (cap)); - printk(" fault_recording_reg_l =3D %"PRIx64"\n", - dmar_readq(iommu->reg, cap_fault_reg_offset(cap))); - printk(" fault_recording_reg_h =3D %"PRIx64"\n", - dmar_readq(iommu->reg, cap_fault_reg_offset(cap) + 8)); + if ( cap_fault_reg_offset(cap) < PAGE_SIZE ) + { + printk(" fault_recording_reg_l =3D %"PRIx64"\n", + dmar_readq(iommu->reg, cap_fault_reg_offset(cap))); + printk(" fault_recording_reg_h =3D %"PRIx64"\n", + dmar_readq(iommu->reg, cap_fault_reg_offset(cap) + 8)); + } printk(" ECAP =3D %"PRIx64"\n", dmar_readq(iommu->reg, DMAR_ECAP_REG))= ; printk(" GCMD =3D %x\n", dmar_readl(iommu->reg, DMAR_GCMD_REG)); printk(" GSTS =3D %x\n", dmar_readl(iommu->reg, DMAR_GSTS_REG)); --=__PartBF9551C6.0__= Content-Type: text/plain; name="vtd-print-regs-check.patch" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="vtd-print-regs-check.patch" In c/s 21027 I overlooked that using this function when bad table = data=0Awas found requires the function to also do some range checking.=0A= =0ASigned-off-by: Jan Beulich =0A=0A--- 2010-03-22.ori= g/xen/drivers/passthrough/vtd/utils.c 2010-03-17 22:19:25.000000000 = +0100=0A+++ 2010-03-22/xen/drivers/passthrough/vtd/utils.c 2010-03-23 = 17:52:20.000000000 +0100=0A@@ -67,10 +67,13 @@ void print_iommu_regs(struct= acpi_drhd_u=0A printk(" CAP =3D %"PRIx64"\n", cap =3D dmar_readq(iommu= ->reg, DMAR_CAP_REG));=0A printk(" n_fault_reg =3D %"PRIx64"\n", = cap_num_fault_regs(cap));=0A printk(" fault_recording_offset =3D = %"PRIx64"\n", cap_fault_reg_offset(cap));=0A- printk(" fault_recording_r= eg_l =3D %"PRIx64"\n",=0A- dmar_readq(iommu->reg, cap_fault_reg_o= ffset(cap)));=0A- printk(" fault_recording_reg_h =3D %"PRIx64"\n",=0A- = dmar_readq(iommu->reg, cap_fault_reg_offset(cap) + 8));=0A+ if = ( cap_fault_reg_offset(cap) < PAGE_SIZE )=0A+ {=0A+ printk(" = fault_recording_reg_l =3D %"PRIx64"\n",=0A+ dmar_readq(iommu-= >reg, cap_fault_reg_offset(cap)));=0A+ printk(" fault_recording_reg_= h =3D %"PRIx64"\n",=0A+ dmar_readq(iommu->reg, cap_fault_reg_= offset(cap) + 8));=0A+ }=0A printk(" ECAP =3D %"PRIx64"\n", = dmar_readq(iommu->reg, DMAR_ECAP_REG));=0A printk(" GCMD =3D %x\n", = dmar_readl(iommu->reg, DMAR_GCMD_REG));=0A printk(" GSTS =3D %x\n", = dmar_readl(iommu->reg, DMAR_GSTS_REG));=0A --=__PartBF9551C6.0__= Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel --=__PartBF9551C6.0__=--