Miroslav Rezanina
2009-Oct-15 12:21 UTC
[Xen-devel] [PATCH] Xen panic in msi_msg_read_remap_rte with acpi=off
Xen kernel panics when "acpi=off noacpi" is set. Problem is caused by
dereferncing NULL pointer in drhd after calling acpi_find_matched_drhd_unit. As
acpi_find_matched_drhd_unit can return NULL, checks has to be done before
returned value is used.
Patch:
----
diff -r 97684ba1303e xen/drivers/passthrough/vtd/intremap.c
--- a/xen/drivers/passthrough/vtd/intremap.c Thu Oct 01 18:39:03 2009 +0100
+++ b/xen/drivers/passthrough/vtd/intremap.c Thu Oct 15 14:08:13 2009 +0200
@@ -461,6 +461,8 @@
struct ir_ctrl *ir_ctrl;
drhd = acpi_find_matched_drhd_unit(pdev);
+ if (!drhd)
+ return;
iommu = drhd->iommu;
ir_ctrl = iommu_ir_ctrl(iommu);
@@ -479,6 +481,8 @@
struct ir_ctrl *ir_ctrl;
drhd = acpi_find_matched_drhd_unit(pdev);
+ if (!drhd)
+ return;
iommu = drhd->iommu;
ir_ctrl = iommu_ir_ctrl(iommu);
diff -r 97684ba1303e xen/drivers/passthrough/vtd/iommu.c
--- a/xen/drivers/passthrough/vtd/iommu.c Thu Oct 01 18:39:03 2009 +0100
+++ b/xen/drivers/passthrough/vtd/iommu.c Thu Oct 15 14:08:13 2009 +0200
@@ -1412,6 +1412,8 @@
return -ENODEV;
drhd = acpi_find_matched_drhd_unit(pdev);
+ if (!drhd)
+ return -ENODEV;
pdev_iommu = drhd->iommu;
domain_context_unmap(source, bus, devfn);
@@ -1425,7 +1427,7 @@
for_each_pdev ( source, pdev )
{
drhd = acpi_find_matched_drhd_unit(pdev);
- if ( drhd->iommu == pdev_iommu )
+ if ( drhd && drhd->iommu == pdev_iommu )
{
found = 1;
break;
----
Miroslav Rezanina
Software Engineer - Virtualization Team - XEN kernel
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel