Message ID | 1506664786-8343-1-git-send-email-bhupinder.thakur@linaro.org |
---|---|
State | Accepted |
Commit | b7ed331353a14f43f53eaf6a3a543ec8385193a3 |
Series | [Xen-devel,v3] xen/arm: Fix the issue in cmp_mmio_handler used in find_mmio_handler |
On Fri, 29 Sep 2017, Bhupinder Thakur wrote: > This patch fixes the wrong range check done in cmp_mmio_handler(). > > This function returns -1 , 0 or 1 based on whether the key value > is below the range, in the range or above the range where the range is > (start, start+size). However, it should check against (start, start+size-1) > because start+size falls outside the range. > > This resulted in returning a wrong mmio_handler for a given mmio address which > happened to be start+size. > > This bug was introduced when the mmio region search switched from > linear search to binary search in the following commit: > > 8047e09 "xen/arm: io: Use binary search for mmio handler lookup". > > Signed-off-by: Bhupinder Thakur <bhupinder.thakur@linaro.org> Reviewed-by: Stefano Stabellini <sstabellini@kernel.org> and committed > --- > CC: Stefano Stabellini <sstabellini@kernel.org> > CC: Julien Grall <julien.grall@arm.com> > > This patch may have to be back ported to 4.8 also. > > xen/arch/arm/io.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/xen/arch/arm/io.c b/xen/arch/arm/io.c > index e216128..c748d8f 100644 > --- a/xen/arch/arm/io.c > +++ b/xen/arch/arm/io.c > @@ -79,7 +79,7 @@ static int cmp_mmio_handler(const void *key, const void *elem) > if ( handler0->addr < handler1->addr ) > return -1; > > - if ( handler0->addr > (handler1->addr + handler1->size) ) > + if ( handler0->addr >= (handler1->addr + handler1->size) ) > return 1; > > return 0; > -- > 2.7.4 >
diff --git a/xen/arch/arm/io.c b/xen/arch/arm/io.c index e216128..c748d8f 100644 --- a/xen/arch/arm/io.c +++ b/xen/arch/arm/io.c @@ -79,7 +79,7 @@ static int cmp_mmio_handler(const void *key, const void *elem) if ( handler0->addr < handler1->addr ) return -1; - if ( handler0->addr > (handler1->addr + handler1->size) ) + if ( handler0->addr >= (handler1->addr + handler1->size) ) return 1; return 0;
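Review bot: in the changed comparison, the sum `handler1->addr + handler1->size` is evaluated before the compare, so, assuming both fields are unsigned address-sized values, a region that ends at the top of the address space makes the sum wrap and the `>=` test true for every key, and that handler can never match. The preceding check has already established `handler0->addr >= handler1->addr`, so `(handler0->addr - handler1->addr) >= handler1->size` expresses the same bound without the addition. A short comment above cmp_mmio_handler() stating that a handler covers the half-open range [addr, addr + size) would also document the exclusive upper bound that this line now enforces.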
This patch fixes the wrong range check done in cmp_mmio_handler().

This function returns -1, 0 or 1 based on whether the key value is below the range, in the range or above the range where the range is (start, start+size). However, it should check against (start, start+size-1) because start+size falls outside the range.

This resulted in returning a wrong mmio_handler for a given mmio address which happened to be start+size.

This bug was introduced when the mmio region search switched from linear search to binary search in the following commit:

8047e09 "xen/arm: io: Use binary search for mmio handler lookup".

Signed-off-by: Bhupinder Thakur <bhupinder.thakur@linaro.org>

---

CC: Stefano Stabellini <sstabellini@kernel.org>
CC: Julien Grall <julien.grall@arm.com>

This patch may have to be back ported to 4.8 also.

xen/arch/arm/io.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
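The off-by-one described in the commit message, reproduced as an added example that is not Xen code: a binary search over adjacent regions using the comparator before and after the fix. `struct region`, `lookup`, the table and its addresses are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for an MMIO handler entry (not Xen's struct). */
struct region { uint64_t addr, size; const char *name; };

/* Comparator before the fix: addr + size is wrongly treated as in range. */
static int cmp_buggy(uint64_t key, const struct region *r)
{
    if (key < r->addr) return -1;
    if (key > r->addr + r->size) return 1;
    return 0;
}

/* Comparator after the fix: a region covers [addr, addr + size). */
static int cmp_fixed(uint64_t key, const struct region *r)
{
    if (key < r->addr) return -1;
    if (key >= r->addr + r->size) return 1;
    return 0;
}

/* Binary search over a table sorted by addr; the midpoint is probed first. */
static const struct region *lookup(const struct region *t, size_t n, uint64_t key,
                                   int (*cmp)(uint64_t, const struct region *))
{
    size_t lo = 0, hi = n;
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        int c = cmp(key, &t[mid]);
        if (c == 0) return &t[mid];
        if (c < 0) hi = mid; else lo = mid + 1;
    }
    return NULL;
}

/* Constructed table: three adjacent 4 KiB regions. */
static const struct region table[] = {
    { 0x10000, 0x1000, "dev_a" },
    { 0x11000, 0x1000, "dev_b" },
    { 0x12000, 0x1000, "dev_c" },
};

int main(void)
{
    uint64_t key = 0x12000; /* first byte of dev_c == dev_b.addr + dev_b.size */
    printf("buggy: %s, fixed: %s\n", lookup(table, 3, key, cmp_buggy)->name,
           lookup(table, 3, key, cmp_fixed)->name);
}
```

With the old comparator the access to the first byte of `dev_c` is dispatched to `dev_b`, and an access one byte past the last region still resolves to `dev_c` instead of missing.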