From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Jan Beulich" Subject: [PATCH] ns16550: limit mapped MMIO size Date: Thu, 12 Nov 2015 08:52:48 -0700 Message-ID: <5644C3E002000078000B4594@prv-mh.provo.novell.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="=__Part0F3810C0.1__=" Return-path: Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1ZwuBA-0001xF-GE for xen-devel@lists.xenproject.org; Thu, 12 Nov 2015 15:52:52 +0000 List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: xen-devel Cc: Ian Campbell , Keir Fraser , Ian Jackson , Tim Deegan List-Id: xen-devel@lists.xenproject.org This is a MIME message. If you are reading this text, you may want to consider changing to a mail reader or gateway that understands how to properly handle MIME multipart messages. --=__Part0F3810C0.1__= Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Content-Disposition: inline There's no point in mapping more than the memory we actually may need to touch, and in fact the too large region could actually extend into another device's one (which currently is benign on x86 since only a single page gets mapped anyway, but which is a latent bug on ARM whenever PCI support gets enabled there). Signed-off-by: Jan Beulich --- a/xen/drivers/char/ns16550.c +++ b/xen/drivers/char/ns16550.c @@ -931,6 +931,8 @@ pci_uart_config (struct ns16550 *uart, i uart->io_base +=3D bar_idx * uart_param[p].uart_of= fset; if ( uart_param[p].base_baud ) uart->clock_hz =3D uart_param[p].base_baud * = 16; + size =3D max(8U << uart_param[p].reg_shift, + uart_param[p].uart_offset); /* Set device and MMIO region read only to Dom0 = */ uart->enable_ro =3D 1; break; --=__Part0F3810C0.1__= Content-Type: text/plain; name="ns16550-limit-size.patch" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="ns16550-limit-size.patch" ns16550: limit mapped MMIO size=0A=0AThere's no point in mapping more than = the memory we actually may need=0Ato touch, and in fact the too large = region could actually extend into=0Aanother device's one (which currently = is benign on x86 since only a=0Asingle page gets mapped anyway, but which = is a latent bug on ARM=0Awhenever PCI support gets enabled there).=0A=0ASig= ned-off-by: Jan Beulich =0A=0A--- a/xen/drivers/char/ns1= 6550.c=0A+++ b/xen/drivers/char/ns16550.c=0A@@ -931,6 +931,8 @@ pci_uart_co= nfig (struct ns16550 *uart, i=0A uart->io_base = +=3D bar_idx * uart_param[p].uart_offset;=0A if ( = uart_param[p].base_baud )=0A uart->clock_hz = =3D uart_param[p].base_baud * 16;=0A+ size =3D = max(8U << uart_param[p].reg_shift,=0A+ = uart_param[p].uart_offset);=0A /* Set device and = MMIO region read only to Dom0 */=0A uart->enable_ro= =3D 1;=0A break;=0A --=__Part0F3810C0.1__= Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel --=__Part0F3810C0.1__=--