| commit | d9429b84af2302b6e28bec3c52710cf67eda3cee | |
| author | Prasad J Pandit <pjp@fedoraproject.org> | |
| Fri, 2 Dec 2016 11:16:26 +0000 (2 16:46 +0530) | ||
| committer | Michael S. Tsirkin <mst@redhat.com> | |
| Thu, 15 Dec 2016 23:14:38 +0000 (16 01:14 +0200) | ||
| tree | bd2c363db117e20496965501db75c137cf523ffb | treesnapshot (tar.gz zip) |
| parent | e10e798c85c2331dab338b6a01835ebde81136e5 | commitdiff |
i386: amd_iommu: fix MMIO register count and access
IOMMU MMIO registers are divided in two groups by their offsets.
Low offsets(<0x2000) registers are grouped into 'amdvi_mmio_low'
table and higher offsets(>=0x2000) registers are grouped into
'amdvi_mmio_high' table. No of registers in each table is given
by macro 'AMDVI_MMIO_REGS_LOW' and 'AMDVI_MMIO_REGS_HIGH' resp.
Values of these two macros were swapped, resulting in an OOB
access when reading 'amdvi_mmio_high' table. Correct these two
macros. Also read from 'amdvi_mmio_low' table for lower address.
Reported-by: Azureyang <azureyang@tencent.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
IOMMU MMIO registers are divided in two groups by their offsets.
Low offsets(<0x2000) registers are grouped into 'amdvi_mmio_low'
table and higher offsets(>=0x2000) registers are grouped into
'amdvi_mmio_high' table. No of registers in each table is given
by macro 'AMDVI_MMIO_REGS_LOW' and 'AMDVI_MMIO_REGS_HIGH' resp.
Values of these two macros were swapped, resulting in an OOB
access when reading 'amdvi_mmio_high' table. Correct these two
macros. Also read from 'amdvi_mmio_low' table for lower address.
Reported-by: Azureyang <azureyang@tencent.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
| hw/i386/amd_iommu.c | diffblobblamehistory | |
| hw/i386/amd_iommu.h | diffblobblamehistory |