Index: head/sys/amd64/vmm/amd/amdvi_hw.c
===================================================================
--- head/sys/amd64/vmm/amd/amdvi_hw.c
+++ head/sys/amd64/vmm/amd/amdvi_hw.c
@@ -496,7 +496,7 @@
 #ifdef AMDVI_DEBUG_CMD
 if (status)
- device_printf(softc->dev, "CMD completion DONE Tail:0x%x,
+ device_printf(softc->dev, "CMD completion DONE Tail:0x%x, "
 "Head:0x%x, loop:%d.\n", ctrl->cmd_tail, ctrl->cmd_head, loop);
 #endif
Index: head/sys/amd64/vmm/amd/amdvi_priv.h
===================================================================
--- head/sys/amd64/vmm/amd/amdvi_priv.h
+++ head/sys/amd64/vmm/amd/amdvi_priv.h
@@ -65,7 +65,7 @@
 struct amdvi_dte {
 uint32_t dt_valid:1; /* Device Table valid. */
 uint32_t pt_valid:1; /* Page translation valid. */
- uint8_t :7; /* Reserved[8:2] */
+ uint16_t :7; /* Reserved[8:2] */
 uint8_t pt_level:3; /* Paging level, 0 to disable. */
 uint64_t pt_base:40; /* Page table root pointer. */
 uint8_t :3; /* Reserved[54:52] */
Index: head/sys/amd64/vmm/amd/ivrs_drv.c
===================================================================
--- head/sys/amd64/vmm/amd/ivrs_drv.c
+++ head/sys/amd64/vmm/amd/ivrs_drv.c
@@ -75,6 +75,12 @@
 end = (ACPI_IVRS_HEADER *)((char *)ivrs + ivrs->Header.Length);
 while (ivrs_hdr < end) {
+ if ((uint8_t *)ivrs_hdr + ivrs_hdr->Length > (uint8_t *)end) {
+ printf("AMD-Vi:IVHD/IVMD is corrupted, length : %d\n",
+ ivrs_hdr->Length);
+ break;
+ }
+
 switch (ivrs_hdr->Type) {
 case ACPI_IVRS_TYPE_HARDWARE: /* Legacy */
 case 0x11:
@@ -98,10 +104,6 @@
 ivrs_hdr = (ACPI_IVRS_HEADER *)((uint8_t *)ivrs_hdr + ivrs_hdr->Length);
- if (ivrs_hdr->Length < 0) {
- printf("AMD-Vi:IVHD/IVMD is corrupted, length : %d\n", ivrs_hdr->Length);
- break;
- }
 }
 }
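Review bot: Nothing in the amdvi_priv.h hunk pins the layout of `struct amdvi_dte` at compile time, so the kind of mistake fixed here (a reserved bit-field at bits [8:2] declared with a base type too narrow to hold it in place) can recur silently. Bit-field placement is implementation-defined and the struct mixes `uint32_t`, `uint16_t`, `uint8_t` and `uint64_t` bases; because the IOMMU reads this entry directly, a shifted `pt_level` or `pt_base` changes which page table governs a device's DMA. If the header does not already have one, I would add `CTASSERT(sizeof(struct amdvi_dte) == 32);` after the struct (the device table entry is 256 bits wide), and consider declaring every field of the first quadword as `uint64_t` so no field depends on storage-unit boundaries. The struct continues past the end of the hunk.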
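Review bot: The bounds check added at the top of the `while` loop in ivrs_drv.c still accepts a `Length` smaller than the header, including zero: `ivrs_hdr + 0 > end` is false, and the advance shown in the following hunk (`ivrs_hdr = ... + ivrs_hdr->Length`) then makes no progress, so a malformed firmware table can keep the loop on the same entry indefinitely during boot. The removed `Length < 0` test suggests the field is unsigned, so nothing else visible catches this. The check also reads `ivrs_hdr->Length` when fewer than `sizeof(*ivrs_hdr)` bytes may remain before `end`. I would make the guard `if ((uint8_t *)ivrs_hdr + sizeof(*ivrs_hdr) > (uint8_t *)end || ivrs_hdr->Length < sizeof(*ivrs_hdr) || (uint8_t *)ivrs_hdr + ivrs_hdr->Length > (uint8_t *)end) {`. The enclosing function starts and ends outside the hunk.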