[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[xen master] xen/arm: Fix off-by-one in iomem_deny_access() calls

commit f25fe2452b821270ac62c2ee4f6dd4dea9ad3298
Author:     Michal Orzel <michal.orzel@xxxxxxx>
AuthorDate: Thu Apr 9 13:39:32 2026 +0200
Commit:     Michal Orzel <michal.orzel@xxxxxxx>
CommitDate: Fri Apr 10 10:31:04 2026 +0200

    xen/arm: Fix off-by-one in iomem_deny_access() calls
    
    iomem_deny_access() wraps rangeset_remove_range() which takes inclusive
    endpoints.  All call sites in the GIC and ACPI code pass 'mfn + nr' (or
    'mfn + 1' for single-page regions) as the end parameter, which causes
    one extra page beyond each region to be denied.
    
    For single-page regions, use 'mfn' as the end (denying exactly one page).
    For all multi-page regions, use 'mfn + nr - 1'.
    
    This matches the correct pattern used elsewhere, e.g. in device.c.
    
    Fixes: 8300b3377e ("arm/gic: Add a new callback to deny Dom0 access to GIC 
regions")
    Fixes: 66158be465 ("ARM: ITS: Deny hardware domain access to ITS")
    Fixes: 97e9875646 ("arm/acpi: Permit MMIO access of Xen unused devices for 
Dom0")
    Signed-off-by: Michal Orzel <michal.orzel@xxxxxxx>
    Reviewed-by: Luca Fancellu <luca.fancellu@xxxxxxx>
    Reviewed-by: Stefano Stabellini <stefano.stabellini@xxxxxxx>
---
 xen/arch/arm/acpi/domain_build.c | 2 +-
 xen/arch/arm/gic-v2.c            | 8 ++++----
 xen/arch/arm/gic-v3-its.c        | 2 +-
 xen/arch/arm/gic-v3.c            | 8 ++++----
 4 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/xen/arch/arm/acpi/domain_build.c b/xen/arch/arm/acpi/domain_build.c
index 5a117001ef..249d899c33 100644
--- a/xen/arch/arm/acpi/domain_build.c
+++ b/xen/arch/arm/acpi/domain_build.c
@@ -48,7 +48,7 @@ static int __init acpi_iomem_deny_access(struct domain *d)
     {
         mfn = spcr->serial_port.address >> PAGE_SHIFT;
         /* Deny MMIO access for UART */
-        rc = iomem_deny_access(d, mfn, mfn + 1);
+        rc = iomem_deny_access(d, mfn, mfn);
         if ( rc )
             return rc;
     }
diff --git a/xen/arch/arm/gic-v2.c b/xen/arch/arm/gic-v2.c
index b23e72a3d0..014f955967 100644
--- a/xen/arch/arm/gic-v2.c
+++ b/xen/arch/arm/gic-v2.c
@@ -1079,23 +1079,23 @@ static int gicv2_iomem_deny_access(struct domain *d)
     unsigned long mfn, nr;
 
     mfn = dbase >> PAGE_SHIFT;
-    rc = iomem_deny_access(d, mfn, mfn + 1);
+    rc = iomem_deny_access(d, mfn, mfn);
     if ( rc )
         return rc;
 
     mfn = hbase >> PAGE_SHIFT;
-    rc = iomem_deny_access(d, mfn, mfn + 1);
+    rc = iomem_deny_access(d, mfn, mfn);
     if ( rc )
         return rc;
 
     mfn = cbase >> PAGE_SHIFT;
     nr = DIV_ROUND_UP(csize, PAGE_SIZE);
-    rc = iomem_deny_access(d, mfn, mfn + nr);
+    rc = iomem_deny_access(d, mfn, mfn + nr - 1);
     if ( rc )
         return rc;
 
     mfn = vbase >> PAGE_SHIFT;
-    return iomem_deny_access(d, mfn, mfn + nr);
+    return iomem_deny_access(d, mfn, mfn + nr - 1);
 }
 
 #ifdef CONFIG_ACPI
diff --git a/xen/arch/arm/gic-v3-its.c b/xen/arch/arm/gic-v3-its.c
index 9ba068c46f..e38aa87117 100644
--- a/xen/arch/arm/gic-v3-its.c
+++ b/xen/arch/arm/gic-v3-its.c
@@ -1009,7 +1009,7 @@ int gicv3_its_deny_access(struct domain *d)
     {
         mfn = paddr_to_pfn(its_data->addr);
         nr = PFN_UP(its_data->size);
-        rc = iomem_deny_access(d, mfn, mfn + nr);
+        rc = iomem_deny_access(d, mfn, mfn + nr - 1);
         if ( rc )
         {
             printk("iomem_deny_access failed for %lx:%lx \r\n", mfn, nr);
diff --git a/xen/arch/arm/gic-v3.c b/xen/arch/arm/gic-v3.c
index bc07f97c16..b3e104ea4a 100644
--- a/xen/arch/arm/gic-v3.c
+++ b/xen/arch/arm/gic-v3.c
@@ -1602,7 +1602,7 @@ static int gicv3_iomem_deny_access(struct domain *d)
 
     mfn = dbase >> PAGE_SHIFT;
     nr = PFN_UP(SZ_64K);
-    rc = iomem_deny_access(d, mfn, mfn + nr);
+    rc = iomem_deny_access(d, mfn, mfn + nr - 1);
     if ( rc )
         return rc;
 
@@ -1614,7 +1614,7 @@ static int gicv3_iomem_deny_access(struct domain *d)
     {
         mfn = gicv3.rdist_regions[i].base >> PAGE_SHIFT;
         nr = PFN_UP(gicv3.rdist_regions[i].size);
-        rc = iomem_deny_access(d, mfn, mfn + nr);
+        rc = iomem_deny_access(d, mfn, mfn + nr - 1);
         if ( rc )
             return rc;
     }
@@ -1623,7 +1623,7 @@ static int gicv3_iomem_deny_access(struct domain *d)
     {
         mfn = cbase >> PAGE_SHIFT;
         nr = PFN_UP(csize);
-        rc = iomem_deny_access(d, mfn, mfn + nr);
+        rc = iomem_deny_access(d, mfn, mfn + nr - 1);
         if ( rc )
             return rc;
     }
@@ -1632,7 +1632,7 @@ static int gicv3_iomem_deny_access(struct domain *d)
     {
         mfn = vbase >> PAGE_SHIFT;
         nr = PFN_UP(csize);
-        return iomem_deny_access(d, mfn, mfn + nr);
+        return iomem_deny_access(d, mfn, mfn + nr - 1);
     }
 
     return 0;
--
generated by git-patchbot for /home/xen/git/xen.git#master

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.