Date: Fri, 24 Nov 2017 11:10:36 +0000 (UTC) From: Andriy Gapon <avg@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r326151 - head/sys/amd64/vmm/amd Message-ID: <201711241110.vAOBAaqf064597@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: avg Date: Fri Nov 24 11:10:36 2017 New Revision: 326151 URL: https://svnweb.freebsd.org/changeset/base/326151 Log: vmm/amd: improve iteration over IVHD (type 10h) entries in IVRS table Many 8-byte entries have zero at byte 4, so the second 4-byte part is skipped as a 4-byte padding entry. But not all 8-byte entries have that property and they get misinterpreted. A real example: 48 00 00 00 ff 01 00 01 This an 8-byte ACPI_IVRS_TYPE_SPECIAL entry for IOAPIC with ID 255 (bogus). It is reported as: ivhd0: Unknown dev entry:0xff Fortunately, it was completely harmless. Also, bail out early if we encounter an entry of a variable length type. We do not have proper handling for those yet. Reviewed by: anish Modified: head/sys/amd64/vmm/amd/ivrs_drv.c Modified: head/sys/amd64/vmm/amd/ivrs_drv.c ============================================================================== --- head/sys/amd64/vmm/amd/ivrs_drv.c Fri Nov 24 10:45:33 2017 (r326150) +++ head/sys/amd64/vmm/amd/ivrs_drv.c Fri Nov 24 11:10:36 2017 (r326151) @@ -186,7 +186,8 @@ ivhd_dev_add_entry(struct amdvi_softc *softc, uint32_t static int ivhd_dev_parse(ACPI_IVRS_HARDWARE * ivhd, struct amdvi_softc *softc) { - ACPI_IVRS_DE_HEADER *de, *end; + ACPI_IVRS_DE_HEADER *de; + uint8_t *p, *end; int range_start_id = 0, range_end_id = 0; uint32_t *extended; uint8_t all_data = 0, range_data = 0; @@ -195,12 +196,15 @@ ivhd_dev_parse(ACPI_IVRS_HARDWARE * ivhd, struct amdvi softc->start_dev_rid = ~0; softc->end_dev_rid = 0; - de = (ACPI_IVRS_DE_HEADER *) ((uint8_t *)ivhd + - sizeof(ACPI_IVRS_HARDWARE)); - end = (ACPI_IVRS_DE_HEADER *) ((uint8_t *)ivhd + - ivhd->Header.Length); + /* + * XXX The following actually depends on Header.Type and + * is only true for 0x10. + */ + p = (uint8_t *)ivhd + sizeof(ACPI_IVRS_HARDWARE); + end = (uint8_t *)ivhd + ivhd->Header.Length; - while (de < (ACPI_IVRS_DE_HEADER *) end) { + while (p < end) { + de = (ACPI_IVRS_DE_HEADER *)p; softc->start_dev_rid = MIN(softc->start_dev_rid, de->Id); softc->end_dev_rid = MAX(softc->end_dev_rid, de->Id); switch (de->Type) { @@ -263,7 +267,15 @@ ivhd_dev_parse(ACPI_IVRS_HARDWARE * ivhd, struct amdvi "WARN Too many device entries.\n"); return (EINVAL); } - de++; + if (de->Type < 0x40) + p += sizeof(ACPI_IVRS_DEVICE4); + else if (de->Type < 0x80) + p += sizeof(ACPI_IVRS_DEVICE8A); + else { + printf("Variable size IVHD type 0x%x not supported\n", + de->Type); + break; + } } KASSERT((softc->end_dev_rid >= softc->start_dev_rid),
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201711241110.vAOBAaqf064597>