| Message ID | 1506465901-24665-1-git-send-email-bhupinder.thakur@linaro.org |
|---|---|
| State | Superseded |
| Headers | show |
| Series | [Xen-devel] xen/arm: Fix the issue in cmp_mmio_handler used in find_mmio_handler | expand |
Hi Bhupinder, Good catch! On 09/26/2017 11:45 PM, Bhupinder Thakur wrote: > This function returns true/false based on whether the key value > is in the range (start, start+size). However, it should check against > (start, start+size-1) because start+size falls outside the range. > > This resulted in returning a wrong mmio_handler for a given mmio address which > happened to be start+size. It would be nice if you can add the offending commit in the message. I think: 8047e09 "xen/arm: io: Use binary search for mmio handler lookup". > Signed-off-by: Bhupinder Thakur <bhupinder.thakur@linaro.org > --- > CC: Stefano Stabellini <sstabellini@kernel.org> > CC: Julien Grall <julien.grall@arm.com> I think it should be backported up to Xen 4.8. Cheers, > xen/arch/arm/io.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/xen/arch/arm/io.c b/xen/arch/arm/io.c > index e216128..c748d8f 100644 > --- a/xen/arch/arm/io.c > +++ b/xen/arch/arm/io.c > @@ -79,7 +79,7 @@ static int cmp_mmio_handler(const void *key, const void *elem) > if ( handler0->addr < handler1->addr ) > return -1; > > - if ( handler0->addr > (handler1->addr + handler1->size) ) > + if ( handler0->addr >= (handler1->addr + handler1->size) ) > return 1; > > return 0; >
diff --git a/xen/arch/arm/io.c b/xen/arch/arm/io.c index e216128..c748d8f 100644 --- a/xen/arch/arm/io.c +++ b/xen/arch/arm/io.c @@ -79,7 +79,7 @@ static int cmp_mmio_handler(const void *key, const void *elem) if ( handler0->addr < handler1->addr ) return -1; - if ( handler0->addr > (handler1->addr + handler1->size) ) + if ( handler0->addr >= (handler1->addr + handler1->size) ) return 1; return 0;
This function returns true/false based on whether the key value is in the range (start, start+size). However, it should check against (start, start+size-1) because start+size falls outside the range. This resulted in returning a wrong mmio_handler for a given mmio address which happened to be start+size. Signed-off-by: Bhupinder Thakur <bhupinder.thakur@linaro.org> --- CC: Stefano Stabellini <sstabellini@kernel.org> CC: Julien Grall <julien.grall@arm.com> xen/arch/arm/io.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)