D11485.id.diff

Index: head/sys/amd64/vmm/amd/amdvi_hw.c
===================================================================
--- head/sys/amd64/vmm/amd/amdvi_hw.c
+++ head/sys/amd64/vmm/amd/amdvi_hw.c
@@ -496,7 +496,7 @@
#ifdef AMDVI_DEBUG_CMD
if (status)
- device_printf(softc->dev, "CMD completion DONE Tail:0x%x,
+ device_printf(softc->dev, "CMD completion DONE Tail:0x%x, "
"Head:0x%x, loop:%d.\n", ctrl->cmd_tail,
ctrl->cmd_head, loop);
#endif
Index: head/sys/amd64/vmm/amd/amdvi_priv.h
===================================================================
--- head/sys/amd64/vmm/amd/amdvi_priv.h
+++ head/sys/amd64/vmm/amd/amdvi_priv.h
@@ -65,7 +65,7 @@
struct amdvi_dte {
uint32_t dt_valid:1; /* Device Table valid. */
uint32_t pt_valid:1; /* Page translation valid. */
- uint8_t :7; /* Reserved[8:2] */
+ uint16_t :7; /* Reserved[8:2] */
uint8_t pt_level:3; /* Paging level, 0 to disable. */
uint64_t pt_base:40; /* Page table root pointer. */
uint8_t :3; /* Reserved[54:52] */
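Review bot: The bit positions of `pt_level` and `pt_base` still depend on how the compiler packs bit-fields declared with mixed base types (`uint32_t`, `uint16_t`, `uint8_t`, `uint64_t`), and nothing visible in this hunk checks the resulting layout. The IOMMU hardware reads this entry, so a shifted field means device DMA is governed by the wrong paging level or page-table root. Consider a compile-time check after the struct such as `CTASSERT(sizeof(struct amdvi_dte) == 32);`, assuming the 256-bit entry size from the AMD IOMMU specification and that no such check already exists. The struct body continues outside the hunk. A size check only catches drift that changes the total size, so declaring every field with one base type would be the sturdier fix.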
Index: head/sys/amd64/vmm/amd/ivrs_drv.c
===================================================================
--- head/sys/amd64/vmm/amd/ivrs_drv.c
+++ head/sys/amd64/vmm/amd/ivrs_drv.c
@@ -75,6 +75,12 @@
end = (ACPI_IVRS_HEADER *)((char *)ivrs + ivrs->Header.Length);
while (ivrs_hdr < end) {
+ if ((uint8_t *)ivrs_hdr + ivrs_hdr->Length > (uint8_t *)end) {
+ printf("AMD-Vi:IVHD/IVMD is corrupted, length : %d\n",
+ ivrs_hdr->Length);
+ break;
+ }
+
switch (ivrs_hdr->Type) {
case ACPI_IVRS_TYPE_HARDWARE: /* Legacy */
case 0x11:
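Review bot: A sub-table with `Length == 0` passes the new bounds check at the top of the loop, so the advance by `ivrs_hdr->Length` in the next hunk never moves the pointer and the walk spins forever on a malformed IVRS table. The check also reads `ivrs_hdr->Length` while `ivrs_hdr < end` guarantees only that one byte of the header lies inside the table. Rejecting undersized entries in the same guard would cover the first case: `if (ivrs_hdr->Length < sizeof(*ivrs_hdr) || (uint8_t *)ivrs_hdr + ivrs_hdr->Length > (uint8_t *)end) {`. The second case could be closed by also requiring `(uint8_t *)ivrs_hdr + sizeof(*ivrs_hdr) <= (uint8_t *)end` before the read. The loop begins and ends outside this hunk.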
@@ -98,10 +104,6 @@
ivrs_hdr = (ACPI_IVRS_HEADER *)((uint8_t *)ivrs_hdr +
ivrs_hdr->Length);
- if (ivrs_hdr->Length < 0) {
- printf("AMD-Vi:IVHD/IVMD is corrupted, length : %d\n", ivrs_hdr->Length);
- break;
- }
}
}
