[for-4.13] AMD/IOMMU: Fix crash in 'V' debugkey

Message ID 20191113134136.16180-1-andrew.cooper3@citrix.com
State New

Commit Message

Andrew Cooper Nov. 13, 2019, 1:41 p.m. UTC
c/s bb038f31168 "AMD/IOMMU: replace INTREMAP_ENTRIES" introduces a call to
intremap_table_entries() in dump_intremap_table() before tbl.ptr is checked
for NULL.

intremap_table_entries() internally uses virt_to_page() which falls over

  ASSERT(va >= XEN_VIRT_START);

in __virt_to_page().

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Jan Beulich <JBeulich@suse.com>
CC: Juergen Gross <jgross@suse.com>

For 4.13.  Regression vs 4.12
---
 xen/drivers/passthrough/amd/iommu_intr.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Comments

Andrew Cooper Nov. 13, 2019, 1:45 p.m. UTC | #1
On 13/11/2019 13:41, Andrew Cooper wrote:
> c/s bb038f31168 "AMD/IOMMU: replace INTREMAP_ENTRIES" introduces a call to
> intremap_table_entries() in dump_intremap_table() before tbl.ptr is checked
> for NULL.
>
> intremap_table_entries() internally uses virt_to_page() which falls over
>
>   ASSERT(va >= XEN_VIRT_START);
>
> in __virt_to_page().
>
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> ---
> CC: Jan Beulich <JBeulich@suse.com>
> CC: Juergen Gross <jgross@suse.com>
>
> For 4.13.  Regression vs 4.12

Oops sorry.  Should have had a Reported-by: Igor Druzhinin
<igor.druzhinin@citrix.com>

Fixed up locally

~Andrew

> ---
>  xen/drivers/passthrough/amd/iommu_intr.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/xen/drivers/passthrough/amd/iommu_intr.c b/xen/drivers/passthrough/amd/iommu_intr.c
> index 1eed60f265..5e92c023f8 100644
> --- a/xen/drivers/passthrough/amd/iommu_intr.c
> +++ b/xen/drivers/passthrough/amd/iommu_intr.c
> @@ -847,11 +847,13 @@ static void dump_intremap_table(const struct amd_iommu *iommu,
>                                  union irte_cptr tbl,
>                                  const struct ivrs_mappings *ivrs_mapping)
>  {
> -    unsigned int count, nr = intremap_table_entries(tbl.ptr, iommu);
> +    unsigned int count, nr;
>  
>      if ( !tbl.ptr )
>          return;
>  
> +    nr = intremap_table_entries(tbl.ptr, iommu);
> +
>      for ( count = 0; count < nr; count++ )
>      {
>          if ( iommu->ctrl.ga_en
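
Review bot: at the new `nr = intremap_table_entries(tbl.ptr, iommu);` line, nothing tells a later reader that the assignment has to stay below the `if ( !tbl.ptr ) return;` check, and the regression described in the commit message came from having that call in the declaration, ahead of the check. A one-line comment above the assignment, saying that intremap_table_entries() must not be handed a NULL table pointer, would keep a later tidy-up from folding the two lines back together.
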

Jan Beulich Nov. 13, 2019, 2:29 p.m. UTC | #2
On 13.11.2019 14:41, Andrew Cooper wrote:
> c/s bb038f31168 "AMD/IOMMU: replace INTREMAP_ENTRIES" introduces a call to
> intremap_table_entries() in dump_intremap_table() before tbl.ptr is checked
> for NULL.
> 
> intremap_table_entries() internally uses virt_to_page() which falls over
> 
>   ASSERT(va >= XEN_VIRT_START);
> 
> in __virt_to_page().
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reviewed-by: Jan Beulich <jbeulich@suse.com>

Jürgen Groß Nov. 13, 2019, 2:31 p.m. UTC | #3
On 13.11.19 14:41, Andrew Cooper wrote:
> c/s bb038f31168 "AMD/IOMMU: replace INTREMAP_ENTRIES" introduces a call to
> intremap_table_entries() in dump_intremap_table() before tbl.ptr is checked
> for NULL.
> 
> intremap_table_entries() internally uses virt_to_page() which falls over
> 
>    ASSERT(va >= XEN_VIRT_START);
> 
> in __virt_to_page().
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Release-acked-by: Juergen Gross <jgross@suse.com>


Juergen

Patch

diff --git a/xen/drivers/passthrough/amd/iommu_intr.c b/xen/drivers/passthrough/amd/iommu_intr.c
index 1eed60f265..5e92c023f8 100644
--- a/xen/drivers/passthrough/amd/iommu_intr.c
+++ b/xen/drivers/passthrough/amd/iommu_intr.c
@@ -847,11 +847,13 @@  static void dump_intremap_table(const struct amd_iommu *iommu,
                                 union irte_cptr tbl,
                                 const struct ivrs_mappings *ivrs_mapping)
 {
-    unsigned int count, nr = intremap_table_entries(tbl.ptr, iommu);
+    unsigned int count, nr;
 
     if ( !tbl.ptr )
         return;
 
+    nr = intremap_table_entries(tbl.ptr, iommu);
+
     for ( count = 0; count < nr; count++ )
     {
         if ( iommu->ctrl.ga_en
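
Review bot: moving the call below `if ( !tbl.ptr )` protects only dump_intremap_table(); intremap_table_entries() itself still reaches the ASSERT in __virt_to_page() when given a NULL pointer, per the commit message. The patch does not show the other call sites that c/s bb038f31168 converted, so it is worth confirming that none of them can pass a NULL tbl.ptr, or stating in the commit message that they were checked. A Fixes: line naming bb038f31168 alongside the Reported-by would also make the regression easy to track for backports.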