From: Jan Beulich <jbeulich@suse.com>
Date: Tue, 17 Nov 2015 12:23:11 +0000 (+0100)
Subject: ns16550: limit mapped MMIO size
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~2244
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=b9730aaae72b813f0e01124e79ccc3b25509f3d3;p=xen.git

ns16550: limit mapped MMIO size

There's no point in mapping more than the memory we actually may need
to touch, and in fact the too large region could actually extend into
another device's one (which currently is benign on x86 since only a
single page gets mapped anyway, but which is a latent bug on ARM
whenever PCI support gets enabled there).

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
---

diff --git a/xen/drivers/char/ns16550.c b/xen/drivers/char/ns16550.c
index ebe01ecc93..09abca8a0f 100644
--- a/xen/drivers/char/ns16550.c
+++ b/xen/drivers/char/ns16550.c
@@ -931,6 +931,8 @@ pci_uart_config(struct ns16550 *uart, bool_t skip_amt, unsigned int bar_idx)
                         uart->io_base += bar_idx * uart_param[p].uart_offset;
                         if ( uart_param[p].base_baud )
                             uart->clock_hz = uart_param[p].base_baud * 16;
+                        size = max(8U << uart_param[p].reg_shift,
+                                   uart_param[p].uart_offset);
                         /* Set device and MMIO region read only to Dom0 */
                         uart->enable_ro = 1;
                         break;