From mboxrd@z Thu Jan 1 00:00:00 1970 From: Haitao Shan Subject: [PATCH] tools/ioemu: Fixing Security Hole in Qemu MSIX table access management Date: Tue, 12 Jul 2011 13:24:59 +0800 Message-ID: Mime-Version: 1.0 Content-Type: multipart/mixed; boundary=002215974b6669150d04a7d88550 Return-path: List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: Keir Fraser , Ian Jackson , Jan Beulich , George Dunlap , Tim Deegan List-Id: xen-devel@lists.xenproject.org --002215974b6669150d04a7d88550 Content-Type: text/plain; charset=ISO-8859-1 Hi, As reported by Jan, current Qemu does not handle MSIX table mapping properly. Details: MSI-X table resides in one of the physical BARs. When Qemu handles guest's changes to BAR register (within which, MSI-X table resides), Qemu first allows access of the whole BAR MMIO ranges and then removes those of MSI-X. There is a small window here. It is possible that on a SMP guests one vcpu could have access to the physical MSI-X configurations when another vcpu is writing BAR registers. The patch fixes this issue by first producing the valid MMIO ranges by removing MSI-X table's range from the whole BAR mmio range and later passing these ranges to Xen. Please have a review, thanks! Signed-off-by: Shan Haitao diff --git a/hw/pass-through.c b/hw/pass-through.c index 9c5620d..b9c2f32 100644 --- a/hw/pass-through.c +++ b/hw/pass-through.c @@ -92,6 +92,7 @@ #include #include +#include extern int gfx_passthru; int igd_passthru = 0; @@ -1103,6 +1104,7 @@ static void pt_iomem_map(PCIDevice *d, int i, uint32_t e_phys, uint32_t e_size, { struct pt_dev *assigned_device = (struct pt_dev *)d; uint32_t old_ebase = assigned_device->bases[i].e_physbase; + uint32_t msix_last_pfn = 0, bar_last_pfn = 0; int first_map = ( assigned_device->bases[i].e_size == 0 ); int ret = 0; 
@@ -1118,39 +1120,124 @@ static void pt_iomem_map(PCIDevice *d, int i, uint32_t e_phys, uint32_t e_size, if ( !first_map && old_ebase != -1 ) { - add_msix_mapping(assigned_device, i); - /* Remove old mapping */ - ret = xc_domain_memory_mapping(xc_handle, domid, + if ( has_msix_mapping(assigned_device, i) ) + { + msix_last_pfn = (assigned_device->msix->mmio_base_addr - 1 + + assigned_device->msix->total_entries * 16) >> XC_PAGE_SHIFT; + bar_last_pfn = (old_ebase + e_size - 1) >> XC_PAGE_SHIFT; + + if ( assigned_device->msix->table_off ) + { + ret = xc_domain_memory_mapping(xc_handle, domid, + old_ebase >> XC_PAGE_SHIFT, + assigned_device->bases[i].access.maddr >> XC_PAGE_SHIFT, + (assigned_device->msix->mmio_base_addr >> XC_PAGE_SHIFT) + - (old_ebase >> XC_PAGE_SHIFT), + DPCI_REMOVE_MAPPING); + if ( ret != 0 ) + { + PT_LOG("Error: remove old mapping failed!\n"); + return; + } + } + if ( msix_last_pfn != bar_last_pfn ) + { + assert(msix_last_pfn < bar_last_pfn); + ret = xc_domain_memory_mapping(xc_handle, domid, + msix_last_pfn + 1, + (assigned_device->bases[i].access.maddr + + assigned_device->msix->table_off + + assigned_device->msix->total_entries * 16 + + XC_PAGE_SIZE -1) >> XC_PAGE_SHIFT, + bar_last_pfn - msix_last_pfn, + DPCI_REMOVE_MAPPING); + if ( ret != 0 ) + { + PT_LOG("Error: remove old mapping failed!\n"); + return; + } + } + } + else + { + /* Remove old mapping */ + ret = xc_domain_memory_mapping(xc_handle, domid, old_ebase >> XC_PAGE_SHIFT, assigned_device->bases[i].access.maddr >> XC_PAGE_SHIFT, (e_size+XC_PAGE_SIZE-1) >> XC_PAGE_SHIFT, DPCI_REMOVE_MAPPING); - if ( ret != 0 ) - { - PT_LOG("Error: remove old mapping failed!\n"); - return; + if ( ret != 0 ) + { + PT_LOG("Error: remove old mapping failed!\n"); + return; + } } } /* map only valid guest address */ if (e_phys != -1) { - /* Create new mapping */ - ret = xc_domain_memory_mapping(xc_handle, domid, + if ( has_msix_mapping(assigned_device, i) ) + { + assigned_device->msix->mmio_base_addr = + 
assigned_device->bases[i].e_physbase + + assigned_device->msix->table_off; + + msix_last_pfn = (assigned_device->msix->mmio_base_addr - 1 + + assigned_device->msix->total_entries * 16) >> XC_PAGE_SHIFT; + bar_last_pfn = (e_phys + e_size - 1) >> XC_PAGE_SHIFT; + + cpu_register_physical_memory(assigned_device->msix->mmio_base_addr, + assigned_device->msix->total_entries * 16, + assigned_device->msix->mmio_index); + + if ( assigned_device->msix->table_off ) + { + ret = xc_domain_memory_mapping(xc_handle, domid, + assigned_device->bases[i].e_physbase >> XC_PAGE_SHIFT, + assigned_device->bases[i].access.maddr >> XC_PAGE_SHIFT, + (assigned_device->msix->mmio_base_addr >> XC_PAGE_SHIFT) + - (assigned_device->bases[i].e_physbase >> XC_PAGE_SHIFT), + DPCI_ADD_MAPPING); + if ( ret != 0 ) + { + PT_LOG("Error: remove old mapping failed!\n"); + return; + } + } + if ( msix_last_pfn != bar_last_pfn ) + { + assert(msix_last_pfn < bar_last_pfn); + ret = xc_domain_memory_mapping(xc_handle, domid, + msix_last_pfn + 1, + (assigned_device->bases[i].access.maddr + + assigned_device->msix->table_off + + assigned_device->msix->total_entries * 16 + + XC_PAGE_SIZE -1) >> XC_PAGE_SHIFT, + bar_last_pfn - msix_last_pfn, + DPCI_ADD_MAPPING); + if ( ret != 0 ) + { + PT_LOG("Error: remove old mapping failed!\n"); + return; + } + } + } + else + { + /* Create new mapping */ + ret = xc_domain_memory_mapping(xc_handle, domid, assigned_device->bases[i].e_physbase >> XC_PAGE_SHIFT, assigned_device->bases[i].access.maddr >> XC_PAGE_SHIFT, (e_size+XC_PAGE_SIZE-1) >> XC_PAGE_SHIFT, DPCI_ADD_MAPPING); - if ( ret != 0 ) - { - PT_LOG("Error: create new mapping failed!\n"); + if ( ret != 0 ) + { + PT_LOG("Error: create new mapping failed!\n"); + } } - ret = remove_msix_mapping(assigned_device, i); - if ( ret != 0 ) - PT_LOG("Error: remove MSI-X mmio mapping failed!\n"); - if ( old_ebase != e_phys && old_ebase != -1 ) pt_msix_update_remap(assigned_device, i); } 
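Review bot: The `assert(msix_last_pfn < bar_last_pfn)` in the remove and add MSI-X branches is the only thing protecting the page count `bar_last_pfn - msix_last_pfn`: compiled with NDEBUG the check vanishes and the uint32_t subtraction wraps, and otherwise a failing assert aborts the device model. An explicit test in its place, `if ( msix_last_pfn > bar_last_pfn ) { PT_LOG("Error: MSI-X table extends past BAR!\n"); return; }`, keeps the bound in every build. The `if ( assigned_device->msix->table_off )` guard also passes a page count of zero when the table starts inside the BAR's first page, so testing the computed difference would be tighter; how xc_domain_memory_mapping treats a zero count is not visible here. Both failure paths under `DPCI_ADD_MAPPING` log "remove old mapping failed", which looks copied from the remove side and should read "create new mapping failed". pt_iomem_map begins and ends outside this hunk.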
diff --git a/hw/pt-msi.c b/hw/pt-msi.c index 71fa6f0..1fbebd4 100644 --- a/hw/pt-msi.c +++ b/hw/pt-msi.c @@ -528,39 +528,12 @@ static CPUReadMemoryFunc *pci_msix_read[] = { pci_msix_readl }; -int add_msix_mapping(struct pt_dev *dev, int bar_index) +int has_msix_mapping(struct pt_dev *dev, int bar_index) { if ( !(dev->msix && dev->msix->bar_index == bar_index) ) return 0; - return xc_domain_memory_mapping(xc_handle, domid, - dev->msix->mmio_base_addr >> XC_PAGE_SHIFT, - (dev->bases[bar_index].access.maddr - + dev->msix->table_off) >> XC_PAGE_SHIFT, - (dev->msix->total_entries * 16 - + XC_PAGE_SIZE -1) >> XC_PAGE_SHIFT, - DPCI_ADD_MAPPING); -} - -int remove_msix_mapping(struct pt_dev *dev, int bar_index) -{ - if ( !(dev->msix && dev->msix->bar_index == bar_index) ) - return 0; - - dev->msix->mmio_base_addr = dev->bases[bar_index].e_physbase - + dev->msix->table_off; - - cpu_register_physical_memory(dev->msix->mmio_base_addr, - dev->msix->total_entries * 16, - dev->msix->mmio_index); - - return xc_domain_memory_mapping(xc_handle, domid, - dev->msix->mmio_base_addr >> XC_PAGE_SHIFT, - (dev->bases[bar_index].access.maddr - + dev->msix->table_off) >> XC_PAGE_SHIFT, - (dev->msix->total_entries * 16 - + XC_PAGE_SIZE -1) >> XC_PAGE_SHIFT, - DPCI_REMOVE_MAPPING); + return 1; } int pt_msix_init(struct pt_dev *dev, int pos) diff --git a/hw/pt-msi.h b/hw/pt-msi.h index 9664f89..2dc1720 100644 --- a/hw/pt-msi.h +++ b/hw/pt-msi.h 
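Review bot: `has_msix_mapping` in hw/pt-msi.c no longer touches any mapping; it only reports whether the device's MSI-X table lives in BAR `bar_index`, and neither the name nor a comment says so. A one-line comment above the definition, `/* Return 1 if dev's MSI-X table lives in BAR bar_index, else 0. */`, would make the contract explicit, and the body can collapse to `return dev->msix && dev->msix->bar_index == bar_index;`. Since add_msix_mapping and remove_msix_mapping are deleted here, any caller outside the files shown in this patch would stop linking, which is worth confirming with a grep.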
@@ -107,10 +107,7 @@ void pt_msix_disable(struct pt_dev *dev); int -remove_msix_mapping(struct pt_dev *dev, int bar_index); - -int -add_msix_mapping(struct pt_dev *dev, int bar_index); +has_msix_mapping(struct pt_dev *dev, int bar_index); int pt_msix_init(struct pt_dev *dev, int pos); --002215974b6669150d04a7d88550 Content-Type: application/octet-stream; name="fix_msix_sec_hole.patch" Content-Disposition: attachment; filename="fix_msix_sec_hole.patch" Content-Transfer-Encoding: base64 X-Attachment-Id: f_gq0ezbnr0 ZGlmZiAtLWdpdCBhL2h3L3Bhc3MtdGhyb3VnaC5jIGIvaHcvcGFzcy10aHJvdWdoLmMKaW5kZXgg OWM1NjIwZC4uYjljMmYzMiAxMDA2NDQKLS0tIGEvaHcvcGFzcy10aHJvdWdoLmMKKysrIGIvaHcv cGFzcy10aHJvdWdoLmMKQEAgLTkyLDYgKzkyLDcgQEAKIAogI2luY2x1ZGUgPHVuaXN0ZC5oPgog I2luY2x1ZGUgPHN5cy9pb2N0bC5oPgorI2luY2x1ZGUgPGFzc2VydC5oPgogCiBleHRlcm4gaW50 IGdmeF9wYXNzdGhydTsKIGludCBpZ2RfcGFzc3RocnUgPSAwOwpAQCAtMTEwMyw2ICsxMTA0LDcg QEAgc3RhdGljIHZvaWQgcHRfaW9tZW1fbWFwKFBDSURldmljZSAqZCwgaW50IGksIHVpbnQzMl90 IGVfcGh5cywgdWludDMyX3QgZV9zaXplLAogewogICAgIHN0cnVjdCBwdF9kZXYgKmFzc2lnbmVk X2RldmljZSAgPSAoc3RydWN0IHB0X2RldiAqKWQ7CiAgICAgdWludDMyX3Qgb2xkX2ViYXNlID0g YXNzaWduZWRfZGV2aWNlLT5iYXNlc1tpXS5lX3BoeXNiYXNlOworICAgIHVpbnQzMl90IG1zaXhf bGFzdF9wZm4gPSAwLCBiYXJfbGFzdF9wZm4gPSAwOwogICAgIGludCBmaXJzdF9tYXAgPSAoIGFz c2lnbmVkX2RldmljZS0+YmFzZXNbaV0uZV9zaXplID09IDAgKTsKICAgICBpbnQgcmV0ID0gMDsK IApAQCAtMTExOCwzOSArMTEyMCwxMjQgQEAgc3RhdGljIHZvaWQgcHRfaW9tZW1fbWFwKFBDSURl dmljZSAqZCwgaW50IGksIHVpbnQzMl90IGVfcGh5cywgdWludDMyX3QgZV9zaXplLAogCiAgICAg aWYgKCAhZmlyc3RfbWFwICYmIG9sZF9lYmFzZSAhPSAtMSApCiAgICAgewotICAgICAgICBhZGRf bXNpeF9tYXBwaW5nKGFzc2lnbmVkX2RldmljZSwgaSk7Ci0gICAgICAgIC8qIFJlbW92ZSBvbGQg bWFwcGluZyAqLwotICAgICAgICByZXQgPSB4Y19kb21haW5fbWVtb3J5X21hcHBpbmcoeGNfaGFu ZGxlLCBkb21pZCwKKyAgICAgICAgaWYgKCBoYXNfbXNpeF9tYXBwaW5nKGFzc2lnbmVkX2Rldmlj ZSwgaSkgKQorICAgICAgICB7CisgICAgICAgICAgICBtc2l4X2xhc3RfcGZuID0gKGFzc2lnbmVk X2RldmljZS0+bXNpeC0+bW1pb19iYXNlX2FkZHIgLSAxICsKKyAgICAgICAgICAgICAgICAgIGFz 
c2lnbmVkX2RldmljZS0+bXNpeC0+dG90YWxfZW50cmllcyAqIDE2KSA+PiAgWENfUEFHRV9TSElG VDsKKyAgICAgICAgICAgIGJhcl9sYXN0X3BmbiA9IChvbGRfZWJhc2UgKyBlX3NpemUgLSAxKSA+ PiBYQ19QQUdFX1NISUZUOworCisgICAgICAgICAgICBpZiAoIGFzc2lnbmVkX2RldmljZS0+bXNp eC0+dGFibGVfb2ZmICkKKyAgICAgICAgICAgIHsKKwkJICAgICAgICByZXQgPSB4Y19kb21haW5f bWVtb3J5X21hcHBpbmcoeGNfaGFuZGxlLCBkb21pZCwKKyAgICAgICAgICAgICAgICAgICAgb2xk X2ViYXNlID4+IFhDX1BBR0VfU0hJRlQsCisgICAgICAgICAgICAgICAgICAgIGFzc2lnbmVkX2Rl dmljZS0+YmFzZXNbaV0uYWNjZXNzLm1hZGRyID4+IFhDX1BBR0VfU0hJRlQsCisgICAgICAgICAg ICAgICAgICAgIChhc3NpZ25lZF9kZXZpY2UtPm1zaXgtPm1taW9fYmFzZV9hZGRyID4+IFhDX1BB R0VfU0hJRlQpCisgICAgICAgICAgICAgICAgICAgIC0gKG9sZF9lYmFzZSA+PiBYQ19QQUdFX1NI SUZUKSwKKyAgICAgICAgICAgICAgICAgICAgRFBDSV9SRU1PVkVfTUFQUElORyk7CisgICAgICAg ICAgICAgICAgaWYgKCByZXQgIT0gMCApCisgICAgICAgICAgICAgICAgeworICAgICAgICAgICAg ICAgICAgICBQVF9MT0coIkVycm9yOiByZW1vdmUgb2xkIG1hcHBpbmcgZmFpbGVkIVxuIik7Cisg ICAgICAgICAgICAgICAgICAgIHJldHVybjsKKyAgICAgICAgICAgICAgICB9CisgICAgICAgICAg ICB9CisgICAgICAgICAgICBpZiAoIG1zaXhfbGFzdF9wZm4gIT0gYmFyX2xhc3RfcGZuICkKKyAg ICAgICAgICAgIHsKKyAgICAgICAgICAgICAgICBhc3NlcnQobXNpeF9sYXN0X3BmbiA8IGJhcl9s YXN0X3Bmbik7CisJCSAgICAgICAgcmV0ID0geGNfZG9tYWluX21lbW9yeV9tYXBwaW5nKHhjX2hh bmRsZSwgZG9taWQsCisgICAgICAgICAgICAgICAgICAgIG1zaXhfbGFzdF9wZm4gKyAxLAorICAg ICAgICAgICAgICAgICAgICAoYXNzaWduZWRfZGV2aWNlLT5iYXNlc1tpXS5hY2Nlc3MubWFkZHIg KworICAgICAgICAgICAgICAgICAgICAgYXNzaWduZWRfZGV2aWNlLT5tc2l4LT50YWJsZV9vZmYg KworICAgICAgICAgICAgICAgICAgICAgYXNzaWduZWRfZGV2aWNlLT5tc2l4LT50b3RhbF9lbnRy aWVzICogMTYgKworICAgICAgICAgICAgICAgICAgICAgWENfUEFHRV9TSVpFIC0xKSA+PiAgWENf UEFHRV9TSElGVCwKKyAgICAgICAgICAgICAgICAgICAgYmFyX2xhc3RfcGZuIC0gbXNpeF9sYXN0 X3BmbiwKKyAgICAgICAgICAgICAgICAgICAgRFBDSV9SRU1PVkVfTUFQUElORyk7CisgICAgICAg ICAgICAgICAgaWYgKCByZXQgIT0gMCApCisgICAgICAgICAgICAgICAgeworICAgICAgICAgICAg ICAgICAgICBQVF9MT0coIkVycm9yOiByZW1vdmUgb2xkIG1hcHBpbmcgZmFpbGVkIVxuIik7Cisg 
ICAgICAgICAgICAgICAgICAgIHJldHVybjsKKyAgICAgICAgICAgICAgICB9CisgICAgICAgICAg ICB9CisgICAgICAgIH0KKyAgICAgICAgZWxzZQorICAgICAgICB7CisJCSAgICAvKiBSZW1vdmUg b2xkIG1hcHBpbmcgKi8KKwkJICAgIHJldCA9IHhjX2RvbWFpbl9tZW1vcnlfbWFwcGluZyh4Y19o YW5kbGUsIGRvbWlkLAogICAgICAgICAgICAgICAgIG9sZF9lYmFzZSA+PiBYQ19QQUdFX1NISUZU LAogICAgICAgICAgICAgICAgIGFzc2lnbmVkX2RldmljZS0+YmFzZXNbaV0uYWNjZXNzLm1hZGRy ID4+IFhDX1BBR0VfU0hJRlQsCiAgICAgICAgICAgICAgICAgKGVfc2l6ZStYQ19QQUdFX1NJWkUt MSkgPj4gWENfUEFHRV9TSElGVCwKICAgICAgICAgICAgICAgICBEUENJX1JFTU9WRV9NQVBQSU5H KTsKLSAgICAgICAgaWYgKCByZXQgIT0gMCApCi0gICAgICAgIHsKLSAgICAgICAgICAgIFBUX0xP RygiRXJyb3I6IHJlbW92ZSBvbGQgbWFwcGluZyBmYWlsZWQhXG4iKTsKLSAgICAgICAgICAgIHJl dHVybjsKKyAgICAgICAgICAgIGlmICggcmV0ICE9IDAgKQorICAgICAgICAgICAgeworICAgICAg ICAgICAgICAgIFBUX0xPRygiRXJyb3I6IHJlbW92ZSBvbGQgbWFwcGluZyBmYWlsZWQhXG4iKTsK KyAgICAgICAgICAgICAgICByZXR1cm47CisgICAgICAgICAgICB9CiAgICAgICAgIH0KICAgICB9 CiAKICAgICAvKiBtYXAgb25seSB2YWxpZCBndWVzdCBhZGRyZXNzICovCiAgICAgaWYgKGVfcGh5 cyAhPSAtMSkKICAgICB7Ci0gICAgICAgIC8qIENyZWF0ZSBuZXcgbWFwcGluZyAqLwotICAgICAg ICByZXQgPSB4Y19kb21haW5fbWVtb3J5X21hcHBpbmcoeGNfaGFuZGxlLCBkb21pZCwKKyAgICAg ICAgaWYgKCBoYXNfbXNpeF9tYXBwaW5nKGFzc2lnbmVkX2RldmljZSwgaSkgKQorCQl7CisgICAg ICAgICAgICBhc3NpZ25lZF9kZXZpY2UtPm1zaXgtPm1taW9fYmFzZV9hZGRyID0KKyAgICAgICAg ICAgICAgICBhc3NpZ25lZF9kZXZpY2UtPmJhc2VzW2ldLmVfcGh5c2Jhc2UKKyAgICAgICAgICAg ICAgICArIGFzc2lnbmVkX2RldmljZS0+bXNpeC0+dGFibGVfb2ZmOworCisgICAgICAgICAgICBt c2l4X2xhc3RfcGZuID0gKGFzc2lnbmVkX2RldmljZS0+bXNpeC0+bW1pb19iYXNlX2FkZHIgLSAx ICsKKyAgICAgICAgICAgICAgICAgIGFzc2lnbmVkX2RldmljZS0+bXNpeC0+dG90YWxfZW50cmll cyAqIDE2KSA+PiAgWENfUEFHRV9TSElGVDsKKyAgICAgICAgICAgIGJhcl9sYXN0X3BmbiA9IChl X3BoeXMgKyBlX3NpemUgLSAxKSA+PiBYQ19QQUdFX1NISUZUOworCisgICAgICAgICAgICBjcHVf cmVnaXN0ZXJfcGh5c2ljYWxfbWVtb3J5KGFzc2lnbmVkX2RldmljZS0+bXNpeC0+bW1pb19iYXNl X2FkZHIsCisgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhc3NpZ25lZF9kZXZpY2Ut 
Pm1zaXgtPnRvdGFsX2VudHJpZXMgKiAxNiwKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgIGFzc2lnbmVkX2RldmljZS0+bXNpeC0+bW1pb19pbmRleCk7CisKKyAgICAgICAgICAgIGlm ICggYXNzaWduZWRfZGV2aWNlLT5tc2l4LT50YWJsZV9vZmYgKQorICAgICAgICAgICAgeworCQkg ICAgICAgIHJldCA9IHhjX2RvbWFpbl9tZW1vcnlfbWFwcGluZyh4Y19oYW5kbGUsIGRvbWlkLAor ICAgICAgICAgICAgICAgICAgICBhc3NpZ25lZF9kZXZpY2UtPmJhc2VzW2ldLmVfcGh5c2Jhc2Ug Pj4gWENfUEFHRV9TSElGVCwKKyAgICAgICAgICAgICAgICAgICAgYXNzaWduZWRfZGV2aWNlLT5i YXNlc1tpXS5hY2Nlc3MubWFkZHIgPj4gWENfUEFHRV9TSElGVCwKKyAgICAgICAgICAgICAgICAg ICAgKGFzc2lnbmVkX2RldmljZS0+bXNpeC0+bW1pb19iYXNlX2FkZHIgPj4gWENfUEFHRV9TSElG VCkKKyAgICAgICAgICAgICAgICAgICAgLSAoYXNzaWduZWRfZGV2aWNlLT5iYXNlc1tpXS5lX3Bo eXNiYXNlID4+IFhDX1BBR0VfU0hJRlQpLAorICAgICAgICAgICAgICAgICAgICBEUENJX0FERF9N QVBQSU5HKTsKKyAgICAgICAgICAgICAgICBpZiAoIHJldCAhPSAwICkKKyAgICAgICAgICAgICAg ICB7CisgICAgICAgICAgICAgICAgICAgIFBUX0xPRygiRXJyb3I6IHJlbW92ZSBvbGQgbWFwcGlu ZyBmYWlsZWQhXG4iKTsKKyAgICAgICAgICAgICAgICAgICAgcmV0dXJuOworICAgICAgICAgICAg ICAgIH0KKyAgICAgICAgICAgIH0KKyAgICAgICAgICAgIGlmICggbXNpeF9sYXN0X3BmbiAhPSBi YXJfbGFzdF9wZm4gKQorICAgICAgICAgICAgeworICAgICAgICAgICAgICAgIGFzc2VydChtc2l4 X2xhc3RfcGZuIDwgYmFyX2xhc3RfcGZuKTsKKwkJICAgICAgICByZXQgPSB4Y19kb21haW5fbWVt b3J5X21hcHBpbmcoeGNfaGFuZGxlLCBkb21pZCwKKyAgICAgICAgICAgICAgICAgICAgbXNpeF9s YXN0X3BmbiArIDEsCisgICAgICAgICAgICAgICAgICAgIChhc3NpZ25lZF9kZXZpY2UtPmJhc2Vz W2ldLmFjY2Vzcy5tYWRkciArCisgICAgICAgICAgICAgICAgICAgICBhc3NpZ25lZF9kZXZpY2Ut Pm1zaXgtPnRhYmxlX29mZiArCisgICAgICAgICAgICAgICAgICAgICBhc3NpZ25lZF9kZXZpY2Ut Pm1zaXgtPnRvdGFsX2VudHJpZXMgKiAxNiArCisgICAgICAgICAgICAgICAgICAgICBYQ19QQUdF X1NJWkUgLTEpID4+ICBYQ19QQUdFX1NISUZULAorICAgICAgICAgICAgICAgICAgICBiYXJfbGFz dF9wZm4gLSBtc2l4X2xhc3RfcGZuLAorICAgICAgICAgICAgICAgICAgICBEUENJX0FERF9NQVBQ SU5HKTsKKyAgICAgICAgICAgICAgICBpZiAoIHJldCAhPSAwICkKKyAgICAgICAgICAgICAgICB7 CisgICAgICAgICAgICAgICAgICAgIFBUX0xPRygiRXJyb3I6IHJlbW92ZSBvbGQgbWFwcGluZyBm 
YWlsZWQhXG4iKTsKKyAgICAgICAgICAgICAgICAgICAgcmV0dXJuOworICAgICAgICAgICAgICAg IH0KKyAgICAgICAgICAgIH0KKwkJfQorCQllbHNlCisgICAgICAgIHsKKwkJCS8qIENyZWF0ZSBu ZXcgbWFwcGluZyAqLworCQkJcmV0ID0geGNfZG9tYWluX21lbW9yeV9tYXBwaW5nKHhjX2hhbmRs ZSwgZG9taWQsCiAgICAgICAgICAgICAgICAgYXNzaWduZWRfZGV2aWNlLT5iYXNlc1tpXS5lX3Bo eXNiYXNlID4+IFhDX1BBR0VfU0hJRlQsCiAgICAgICAgICAgICAgICAgYXNzaWduZWRfZGV2aWNl LT5iYXNlc1tpXS5hY2Nlc3MubWFkZHIgPj4gWENfUEFHRV9TSElGVCwKICAgICAgICAgICAgICAg ICAoZV9zaXplK1hDX1BBR0VfU0laRS0xKSA+PiBYQ19QQUdFX1NISUZULAogICAgICAgICAgICAg ICAgIERQQ0lfQUREX01BUFBJTkcpOwogCi0gICAgICAgIGlmICggcmV0ICE9IDAgKQotICAgICAg ICB7Ci0gICAgICAgICAgICBQVF9MT0coIkVycm9yOiBjcmVhdGUgbmV3IG1hcHBpbmcgZmFpbGVk IVxuIik7CisgICAgICAgICAgICBpZiAoIHJldCAhPSAwICkKKyAgICAgICAgICAgIHsKKyAgICAg ICAgICAgICAgICBQVF9MT0coIkVycm9yOiBjcmVhdGUgbmV3IG1hcHBpbmcgZmFpbGVkIVxuIik7 CisgICAgICAgICAgICB9CiAgICAgICAgIH0KIAotICAgICAgICByZXQgPSByZW1vdmVfbXNpeF9t YXBwaW5nKGFzc2lnbmVkX2RldmljZSwgaSk7Ci0gICAgICAgIGlmICggcmV0ICE9IDAgKQotICAg ICAgICAgICAgUFRfTE9HKCJFcnJvcjogcmVtb3ZlIE1TSS1YIG1taW8gbWFwcGluZyBmYWlsZWQh XG4iKTsKLQogICAgICAgICBpZiAoIG9sZF9lYmFzZSAhPSBlX3BoeXMgJiYgb2xkX2ViYXNlICE9 IC0xICkKICAgICAgICAgICAgIHB0X21zaXhfdXBkYXRlX3JlbWFwKGFzc2lnbmVkX2RldmljZSwg aSk7CiAgICAgfQpkaWZmIC0tZ2l0IGEvaHcvcHQtbXNpLmMgYi9ody9wdC1tc2kuYwppbmRleCA3 MWZhNmYwLi4xZmJlYmQ0IDEwMDY0NAotLS0gYS9ody9wdC1tc2kuYworKysgYi9ody9wdC1tc2ku YwpAQCAtNTI4LDM5ICs1MjgsMTIgQEAgc3RhdGljIENQVVJlYWRNZW1vcnlGdW5jICpwY2lfbXNp eF9yZWFkW10gPSB7CiAgICAgcGNpX21zaXhfcmVhZGwKIH07CiAKLWludCBhZGRfbXNpeF9tYXBw aW5nKHN0cnVjdCBwdF9kZXYgKmRldiwgaW50IGJhcl9pbmRleCkKK2ludCBoYXNfbXNpeF9tYXBw aW5nKHN0cnVjdCBwdF9kZXYgKmRldiwgaW50IGJhcl9pbmRleCkKIHsKICAgICBpZiAoICEoZGV2 LT5tc2l4ICYmIGRldi0+bXNpeC0+YmFyX2luZGV4ID09IGJhcl9pbmRleCkgKQogICAgICAgICBy ZXR1cm4gMDsKIAotICAgIHJldHVybiB4Y19kb21haW5fbWVtb3J5X21hcHBpbmcoeGNfaGFuZGxl LCBkb21pZCwKLSAgICAgICAgICAgICAgICBkZXYtPm1zaXgtPm1taW9fYmFzZV9hZGRyID4+IFhD 
X1BBR0VfU0hJRlQsCi0gICAgICAgICAgICAgICAgKGRldi0+YmFzZXNbYmFyX2luZGV4XS5hY2Nl c3MubWFkZHIKLSAgICAgICAgICAgICAgICArIGRldi0+bXNpeC0+dGFibGVfb2ZmKSA+PiBYQ19Q QUdFX1NISUZULAotICAgICAgICAgICAgICAgIChkZXYtPm1zaXgtPnRvdGFsX2VudHJpZXMgKiAx NgotICAgICAgICAgICAgICAgICsgWENfUEFHRV9TSVpFIC0xKSA+PiBYQ19QQUdFX1NISUZULAot ICAgICAgICAgICAgICAgIERQQ0lfQUREX01BUFBJTkcpOwotfQotCi1pbnQgcmVtb3ZlX21zaXhf bWFwcGluZyhzdHJ1Y3QgcHRfZGV2ICpkZXYsIGludCBiYXJfaW5kZXgpCi17Ci0gICAgaWYgKCAh KGRldi0+bXNpeCAmJiBkZXYtPm1zaXgtPmJhcl9pbmRleCA9PSBiYXJfaW5kZXgpICkKLSAgICAg ICAgcmV0dXJuIDA7Ci0KLSAgICBkZXYtPm1zaXgtPm1taW9fYmFzZV9hZGRyID0gZGV2LT5iYXNl c1tiYXJfaW5kZXhdLmVfcGh5c2Jhc2UKLSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg KyBkZXYtPm1zaXgtPnRhYmxlX29mZjsKLQotICAgIGNwdV9yZWdpc3Rlcl9waHlzaWNhbF9tZW1v cnkoZGV2LT5tc2l4LT5tbWlvX2Jhc2VfYWRkciwKLSAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIGRldi0+bXNpeC0+dG90YWxfZW50cmllcyAqIDE2LAotICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgZGV2LT5tc2l4LT5tbWlvX2luZGV4KTsKLQotICAgIHJldHVybiB4Y19k b21haW5fbWVtb3J5X21hcHBpbmcoeGNfaGFuZGxlLCBkb21pZCwKLSAgICAgICAgICAgICAgICBk ZXYtPm1zaXgtPm1taW9fYmFzZV9hZGRyID4+IFhDX1BBR0VfU0hJRlQsCi0gICAgICAgICAgICAg ICAgKGRldi0+YmFzZXNbYmFyX2luZGV4XS5hY2Nlc3MubWFkZHIKLSAgICAgICAgICAgICAgICAr IGRldi0+bXNpeC0+dGFibGVfb2ZmKSA+PiBYQ19QQUdFX1NISUZULAotICAgICAgICAgICAgICAg IChkZXYtPm1zaXgtPnRvdGFsX2VudHJpZXMgKiAxNgotICAgICAgICAgICAgICAgICsgWENfUEFH RV9TSVpFIC0xKSA+PiBYQ19QQUdFX1NISUZULAotICAgICAgICAgICAgICAgIERQQ0lfUkVNT1ZF X01BUFBJTkcpOworCXJldHVybiAxOwogfQogCiBpbnQgcHRfbXNpeF9pbml0KHN0cnVjdCBwdF9k ZXYgKmRldiwgaW50IHBvcykKZGlmZiAtLWdpdCBhL2h3L3B0LW1zaS5oIGIvaHcvcHQtbXNpLmgK aW5kZXggOTY2NGY4OS4uMmRjMTcyMCAxMDA2NDQKLS0tIGEvaHcvcHQtbXNpLmgKKysrIGIvaHcv cHQtbXNpLmgKQEAgLTEwNywxMCArMTA3LDcgQEAgdm9pZAogcHRfbXNpeF9kaXNhYmxlKHN0cnVj dCBwdF9kZXYgKmRldik7CiAKIGludAotcmVtb3ZlX21zaXhfbWFwcGluZyhzdHJ1Y3QgcHRfZGV2 ICpkZXYsIGludCBiYXJfaW5kZXgpOwotCi1pbnQKLWFkZF9tc2l4X21hcHBpbmcoc3RydWN0IHB0 
X2RldiAqZGV2LCBpbnQgYmFyX2luZGV4KTsKK2hhc19tc2l4X21hcHBpbmcoc3RydWN0IHB0X2Rl diAqZGV2LCBpbnQgYmFyX2luZGV4KTsKIAogaW50CiBwdF9tc2l4X2luaXQoc3RydWN0IHB0X2Rl diAqZGV2LCBpbnQgcG9zKTsK --002215974b6669150d04a7d88550 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel --002215974b6669150d04a7d88550--