From b9730aaae72b813f0e01124e79ccc3b25509f3d3 Mon Sep 17 00:00:00 2001
From: Jan Beulich <jbeulich@suse.com>
Date: Tue, 17 Nov 2015 13:23:11 +0100
Subject: [PATCH] ns16550: limit mapped MMIO size

There's no point in mapping more than the memory we actually may need
to touch, and in fact the too large region could actually extend into
another device's one (which currently is benign on x86 since only a
single page gets mapped anyway, but which is a latent bug on ARM
whenever PCI support gets enabled there).

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
---
 xen/drivers/char/ns16550.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/xen/drivers/char/ns16550.c b/xen/drivers/char/ns16550.c
index ebe01ecc93..09abca8a0f 100644
--- a/xen/drivers/char/ns16550.c
+++ b/xen/drivers/char/ns16550.c
@@ -931,6 +931,8 @@ pci_uart_config(struct ns16550 *uart, bool_t skip_amt, unsigned int bar_idx)
                         uart->io_base += bar_idx * uart_param[p].uart_offset;
                         if ( uart_param[p].base_baud )
                             uart->clock_hz = uart_param[p].base_baud * 16;
+                        size = max(8U << uart_param[p].reg_shift,
+                                   uart_param[p].uart_offset);
                         /* Set device and MMIO region read only to Dom0 */
                         uart->enable_ro = 1;
                         break;
-- 
2.30.2