| Message ID | 1465905026-12887-1-git-send-email-julien.grall@arm.com |
|---|---|
| State | New |
| Headers | show |
Hi, Ping? Cheers, On 14/06/16 12:50, Julien Grall wrote: > The helper iomem_access_permitted expects MFNs in parameters and not > GNFs. Thankfully only the hardware domain can call this function and > it will always be with GFNS == MFNs for now. > > Also, fix the printf to use the MFN range and not the GFN one. > > Signed-off-by: Julien Grall <julien.grall@arm.com> > Cc: Shannon Zhao <shannon.zhao@linaro.org> > > --- > This patch is a good candidate to backport to Xen 4.7. Without > it, the hardware domain can map any MMIO because the permission > check is done on the GPFNs and not the MNFs. > --- > xen/arch/arm/p2m.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c > index 6a19c57..4c6547d 100644 > --- a/xen/arch/arm/p2m.c > +++ b/xen/arch/arm/p2m.c > @@ -1275,14 +1275,14 @@ int map_dev_mmio_region(struct domain *d, > { > int res; > > - if ( !(nr && iomem_access_permitted(d, start_gfn, start_gfn + nr - 1)) ) > + if ( !(nr && iomem_access_permitted(d, mfn, mfn + nr - 1)) ) > return 0; > > res = map_mmio_regions(d, start_gfn, nr, mfn); > if ( res < 0 ) > { > printk(XENLOG_G_ERR "Unable to map [%#lx - %#lx] in Dom%d\n", > - start_gfn, start_gfn + nr - 1, d->domain_id); > + mfn, mfn + nr - 1, d->domain_id); > return res; > } > >
diff --git a/xen/arch/arm/p2m.c b/xen/arch/arm/p2m.c index 6a19c57..4c6547d 100644 --- a/xen/arch/arm/p2m.c +++ b/xen/arch/arm/p2m.c @@ -1275,14 +1275,14 @@ int map_dev_mmio_region(struct domain *d, { int res; - if ( !(nr && iomem_access_permitted(d, start_gfn, start_gfn + nr - 1)) ) + if ( !(nr && iomem_access_permitted(d, mfn, mfn + nr - 1)) ) return 0; res = map_mmio_regions(d, start_gfn, nr, mfn); if ( res < 0 ) { printk(XENLOG_G_ERR "Unable to map [%#lx - %#lx] in Dom%d\n", - start_gfn, start_gfn + nr - 1, d->domain_id); + mfn, mfn + nr - 1, d->domain_id); return res; }
The helper iomem_access_permitted expects MFNs in parameters and not GNFs. Thankfully only the hardware domain can call this function and it will always be with GFNS == MFNs for now. Also, fix the printf to use the MFN range and not the GFN one. Signed-off-by: Julien Grall <julien.grall@arm.com> Cc: Shannon Zhao <shannon.zhao@linaro.org> --- This patch is a good candidate to backport to Xen 4.7. Without it, the hardware domain can map any MMIO because the permission check is done on the GPFNs and not the MNFs. --- xen/arch/arm/p2m.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)