[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PULL for-2.9 7/9] i386: amd_iommu: fix MMIO register count
From: |
Michael S. Tsirkin |
Subject: |
[Qemu-devel] [PULL for-2.9 7/9] i386: amd_iommu: fix MMIO register count and access |
Date: |
Fri, 16 Dec 2016 23:17:23 +0200 |
From: Prasad J Pandit <address@hidden>
IOMMU MMIO registers are divided in two groups by their offsets.
Low offsets(<0x2000) registers are grouped into 'amdvi_mmio_low'
table and higher offsets(>=0x2000) registers are grouped into
'amdvi_mmio_high' table. No of registers in each table is given
by macro 'AMDVI_MMIO_REGS_LOW' and 'AMDVI_MMIO_REGS_HIGH' resp.
Values of these two macros were swapped, resulting in an OOB
access when reading 'amdvi_mmio_high' table. Correct these two
macros. Also read from 'amdvi_mmio_low' table for lower address.
Reported-by: Azureyang <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
---
hw/i386/amd_iommu.h | 4 ++--
hw/i386/amd_iommu.c | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/hw/i386/amd_iommu.h b/hw/i386/amd_iommu.h
index 884926e..0d3dc6a 100644
--- a/hw/i386/amd_iommu.h
+++ b/hw/i386/amd_iommu.h
@@ -49,8 +49,8 @@
#define AMDVI_CAPAB_INIT_TYPE (3 << 16)
/* No. of used MMIO registers */
-#define AMDVI_MMIO_REGS_HIGH 8
-#define AMDVI_MMIO_REGS_LOW 7
+#define AMDVI_MMIO_REGS_HIGH 7
+#define AMDVI_MMIO_REGS_LOW 8
/* MMIO registers */
#define AMDVI_MMIO_DEVICE_TABLE 0x0000
diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c
index 47b79d9..e0732cc 100644
--- a/hw/i386/amd_iommu.c
+++ b/hw/i386/amd_iommu.c
@@ -562,7 +562,7 @@ static void amdvi_mmio_trace(hwaddr addr, unsigned size)
trace_amdvi_mmio_read(amdvi_mmio_high[index], addr, size, addr &
~0x07);
} else {
index = index >= AMDVI_MMIO_REGS_LOW ? AMDVI_MMIO_REGS_LOW : index;
- trace_amdvi_mmio_read(amdvi_mmio_high[index], addr, size, addr &
~0x07);
+ trace_amdvi_mmio_read(amdvi_mmio_low[index], addr, size, addr & ~0x07);
}
}
--
MST
- [Qemu-devel] [PULL for-2.9 0/9] virtio, vhost, pc: fixes, Michael S. Tsirkin, 2016/12/16
- [Qemu-devel] [PULL for-2.9 1/9] tests/vhost-user-bridge: remove false comment, Michael S. Tsirkin, 2016/12/16
- [Qemu-devel] [PULL for-2.9 2/9] tests/vhost-user-bridge: remove unnecessary dispatcher_remove, Michael S. Tsirkin, 2016/12/16
- [Qemu-devel] [PULL for-2.9 3/9] tests/vhost-user-bridge: indicate peer disconnected, Michael S. Tsirkin, 2016/12/16
- [Qemu-devel] [PULL for-2.9 4/9] tests/vhost-user-bridge: do not accept more than one connection, Michael S. Tsirkin, 2016/12/16
- [Qemu-devel] [PULL for-2.9 5/9] contrib: add libvhost-user, Michael S. Tsirkin, 2016/12/16
- [Qemu-devel] [PULL for-2.9 6/9] tests/vhost-user-bridge: use contrib/libvhost-user, Michael S. Tsirkin, 2016/12/16
- [Qemu-devel] [PULL for-2.9 7/9] i386: amd_iommu: fix MMIO register count and access,
Michael S. Tsirkin <=
- [Qemu-devel] [PULL for-2.9 8/9] pci: fix error message for express slots, Michael S. Tsirkin, 2016/12/16
- [Qemu-devel] [PULL for-2.9 9/9] virtio: avoid using guest_notifier_mask in vhost-user mode, Michael S. Tsirkin, 2016/12/16
- Re: [Qemu-devel] [PULL for-2.9 0/9] virtio, vhost, pc: fixes, no-reply, 2016/12/16