| Message ID | 49496057-afc0-f407-5a3b-7aeccedc1de1@suse.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | x86: fix off-by-one in is_xen_fixed_mfn() | expand |
On 23/10/2019 16:02, Jan Beulich wrote: > __2M_rwdata_end marks the first byte after the Xen image, not its last > byte. Subtract 1 to obtain the upper bound to compare against. (Note > that instead switching from <= to < is less desirable, as in principle > __pa() might return rubbish for addresses outside of the Xen image.) > > Since the & needs to be dropped from the line in question, also drop it > from the adjacent one. > > Reported-by: Julien Grall <julien.grall@arm.com> > Signed-off-by: Jan Beulich <jbeulich@suse.com> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> > --- > Since the Arm side equivalent was taken for 4.13, this one should at > least be considered as well. +1 for inclusion into 4.13 ~Andrew
On 23.10.19 17:02, Jan Beulich wrote: > __2M_rwdata_end marks the first byte after the Xen image, not its last > byte. Subtract 1 to obtain the upper bound to compare against. (Note > that instead switching from <= to < is less desirable, as in principle > __pa() might return rubbish for addresses outside of the Xen image.) > > Since the & needs to be dropped from the line in question, also drop it > from the adjacent one. > > Reported-by: Julien Grall <julien.grall@arm.com> > Signed-off-by: Jan Beulich <jbeulich@suse.com> Release-acked-by: Juergen Gross <jgross@suse.com> Juergen
--- a/xen/include/asm-x86/mm.h +++ b/xen/include/asm-x86/mm.h @@ -285,8 +285,8 @@ struct page_info #define is_xen_heap_mfn(mfn) \ (mfn_valid(mfn) && is_xen_heap_page(mfn_to_page(mfn))) #define is_xen_fixed_mfn(mfn) \ - (((mfn_to_maddr(mfn)) >= __pa(&_stext)) && \ - ((mfn_to_maddr(mfn)) <= __pa(&__2M_rwdata_end))) + (((mfn_to_maddr(mfn)) >= __pa(_stext)) && \ + ((mfn_to_maddr(mfn)) <= __pa(__2M_rwdata_end - 1))) #define PRtype_info "016lx"/* should only be used for printk's */
__2M_rwdata_end marks the first byte after the Xen image, not its last byte. Subtract 1 to obtain the upper bound to compare against. (Note that instead switching from <= to < is less desirable, as in principle __pa() might return rubbish for addresses outside of the Xen image.) Since the & needs to be dropped from the line in question, also drop it from the adjacent one. Reported-by: Julien Grall <julien.grall@arm.com> Signed-off-by: Jan Beulich <jbeulich@suse.com> --- Since the Arm side equivalent was taken for 4.13, this one should at least be considered as well.