From owner-svn-src-head@freebsd.org Fri Nov 24 11:10:37 2017 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A6385DDFE57; Fri, 24 Nov 2017 11:10:37 +0000 (UTC) (envelope-from avg@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 70F426FBB1; Fri, 24 Nov 2017 11:10:37 +0000 (UTC) (envelope-from avg@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id vAOBAa0F064598; Fri, 24 Nov 2017 11:10:36 GMT (envelope-from avg@FreeBSD.org) Received: (from avg@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id vAOBAaqf064597; Fri, 24 Nov 2017 11:10:36 GMT (envelope-from avg@FreeBSD.org) Message-Id: <201711241110.vAOBAaqf064597@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: avg set sender to avg@FreeBSD.org using -f From: Andriy Gapon Date: Fri, 24 Nov 2017 11:10:36 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r326151 - head/sys/amd64/vmm/amd X-SVN-Group: head X-SVN-Commit-Author: avg X-SVN-Commit-Paths: head/sys/amd64/vmm/amd X-SVN-Commit-Revision: 326151 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Nov 2017 11:10:37 -0000 Author: avg Date: Fri Nov 24 11:10:36 2017 New Revision: 326151 URL: https://svnweb.freebsd.org/changeset/base/326151 Log: vmm/amd: improve iteration over IVHD (type 10h) entries in IVRS table Many 8-byte entries have zero at byte 4, so the second 4-byte part is skipped as a 4-byte padding entry. But not all 8-byte entries have that property and they get misinterpreted. A real example: 48 00 00 00 ff 01 00 01 This an 8-byte ACPI_IVRS_TYPE_SPECIAL entry for IOAPIC with ID 255 (bogus). It is reported as: ivhd0: Unknown dev entry:0xff Fortunately, it was completely harmless. Also, bail out early if we encounter an entry of a variable length type. We do not have proper handling for those yet. Reviewed by: anish Modified: head/sys/amd64/vmm/amd/ivrs_drv.c Modified: head/sys/amd64/vmm/amd/ivrs_drv.c ============================================================================== --- head/sys/amd64/vmm/amd/ivrs_drv.c Fri Nov 24 10:45:33 2017 (r326150) +++ head/sys/amd64/vmm/amd/ivrs_drv.c Fri Nov 24 11:10:36 2017 (r326151) @@ -186,7 +186,8 @@ ivhd_dev_add_entry(struct amdvi_softc *softc, uint32_t static int ivhd_dev_parse(ACPI_IVRS_HARDWARE * ivhd, struct amdvi_softc *softc) { - ACPI_IVRS_DE_HEADER *de, *end; + ACPI_IVRS_DE_HEADER *de; + uint8_t *p, *end; int range_start_id = 0, range_end_id = 0; uint32_t *extended; uint8_t all_data = 0, range_data = 0; @@ -195,12 +196,15 @@ ivhd_dev_parse(ACPI_IVRS_HARDWARE * ivhd, struct amdvi softc->start_dev_rid = ~0; softc->end_dev_rid = 0; - de = (ACPI_IVRS_DE_HEADER *) ((uint8_t *)ivhd + - sizeof(ACPI_IVRS_HARDWARE)); - end = (ACPI_IVRS_DE_HEADER *) ((uint8_t *)ivhd + - ivhd->Header.Length); + /* + * XXX The following actually depends on Header.Type and + * is only true for 0x10. + */ + p = (uint8_t *)ivhd + sizeof(ACPI_IVRS_HARDWARE); + end = (uint8_t *)ivhd + ivhd->Header.Length; - while (de < (ACPI_IVRS_DE_HEADER *) end) { + while (p < end) { + de = (ACPI_IVRS_DE_HEADER *)p; softc->start_dev_rid = MIN(softc->start_dev_rid, de->Id); softc->end_dev_rid = MAX(softc->end_dev_rid, de->Id); switch (de->Type) { @@ -263,7 +267,15 @@ ivhd_dev_parse(ACPI_IVRS_HARDWARE * ivhd, struct amdvi "WARN Too many device entries.\n"); return (EINVAL); } - de++; + if (de->Type < 0x40) + p += sizeof(ACPI_IVRS_DEVICE4); + else if (de->Type < 0x80) + p += sizeof(ACPI_IVRS_DEVICE8A); + else { + printf("Variable size IVHD type 0x%x not supported\n", + de->Type); + break; + } } KASSERT((softc->end_dev_rid >= softc->start_dev_rid),