Message ID | 20200805125109.7348-1-andrew.cooper3@citrix.com (mailing list archive) |
---|---|
State | New, archived |
Series | x86/ioapic: Fix fixmap error path logic in ioapic_init_mappings() |
On 05.08.2020 14:51, Andrew Cooper wrote:
> In the case that bad_ioapic_register() fails, the current position of idx++
> means that clear_fixmap(idx) will be called with the wrong index, and not
> clean up the mapping just created.
>
> Increment idx as part of the loop, rather than midway through the loop body.
>
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reviewed-by: Jan Beulich <jbeulich@suse.com>
diff --git a/xen/arch/x86/io_apic.c b/xen/arch/x86/io_apic.c index 878ee5192d..e66fa99ec7 100644 --- a/xen/arch/x86/io_apic.c +++ b/xen/arch/x86/io_apic.c @@ -2543,7 +2543,7 @@ static void __init ioapic_init_mappings(void) nr_irqs_gsi = 0; - for ( i = 0; i < nr_ioapics; i++ ) + for ( i = 0; i < nr_ioapics; i++, idx++ ) { union IO_APIC_reg_01 reg_01; paddr_t ioapic_phys = mp_ioapics[i].mpc_apicaddr; @@ -2560,7 +2560,6 @@ static void __init ioapic_init_mappings(void) set_fixmap_nocache(idx, ioapic_phys); apic_printk(APIC_VERBOSE, "mapped IOAPIC to %08Lx (%08lx)\n", __fix_to_virt(idx), ioapic_phys); - idx++; if ( bad_ioapic_register(i) ) {
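Review bot: In the first hunk, moving the increment into the loop header, `for ( i = 0; i < nr_ioapics; i++, idx++ )`, makes idx advance on every iteration, including any iteration that leaves the body early through continue. That keeps the old slot numbering only if no path between the top of the body and the removed `idx++;` could previously skip the increment. The visible context does not show that region in full, so please confirm it, and consider saying in the commit message that slot assignment for successfully mapped IO-APICs is unchanged.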
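Review bot: In the second hunk the context stops at the opening brace of the `if ( bad_ioapic_register(i) )` branch, so the clear_fixmap(idx) call that the commit message says received the wrong index is not visible in the diff. With `idx++;` removed, any remaining use of idx later in the body now sees the slot just mapped rather than the next one, so it is worth checking that no later line compensated for the old placement (for example with idx - 1). A Fixes: tag naming the change that introduced the misplaced increment would also help backporting.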
In the case that bad_ioapic_register() fails, the current position of idx++
means that clear_fixmap(idx) will be called with the wrong index, and not
clean up the mapping just created.

Increment idx as part of the loop, rather than midway through the loop body.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Jan Beulich <JBeulich@suse.com>
CC: Wei Liu <wl@xen.org>
CC: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/io_apic.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)