From: Andrew Cooper <andrew.cooper3@citrix.com>
Date: Wed, 13 Nov 2019 13:19:36 +0000 (+0000)
Subject: AMD/IOMMU: Fix crash in 'V' debugkey
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=85e1424de2dda289a4ee92e6b4f5328dd10e75ae;p=people%2Froyger%2Fxen.git

AMD/IOMMU: Fix crash in 'V' debugkey

c/s bb038f31168 "AMD/IOMMU: replace INTREMAP_ENTRIES" introduces a call to
intremap_table_entries() in dump_intremap_table() before tbl.ptr is checked
for NULL.

intremap_table_entries() internally uses virt_to_page() which falls over

  ASSERT(va >= XEN_VIRT_START);

in __virt_to_page().

Reported-by: Igor Druzhinin <igor.druzhinin@citrix.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Release-acked-by: Juergen Gross <jgross@suse.com>
---

diff --git a/xen/drivers/passthrough/amd/iommu_intr.c b/xen/drivers/passthrough/amd/iommu_intr.c
index 1eed60f265..5e92c023f8 100644
--- a/xen/drivers/passthrough/amd/iommu_intr.c
+++ b/xen/drivers/passthrough/amd/iommu_intr.c
@@ -847,11 +847,13 @@ static void dump_intremap_table(const struct amd_iommu *iommu,
                                 union irte_cptr tbl,
                                 const struct ivrs_mappings *ivrs_mapping)
 {
-    unsigned int count, nr = intremap_table_entries(tbl.ptr, iommu);
+    unsigned int count, nr;
 
     if ( !tbl.ptr )
         return;
 
+    nr = intremap_table_entries(tbl.ptr, iommu);
+
     for ( count = 0; count < nr; count++ )
     {
         if ( iommu->ctrl.ga_en