From: Bhupinder Thakur Date: Fri, 29 Sep 2017 05:59:46 +0000 (+0530) Subject: xen/arm: Fix the issue in cmp_mmio_handler used in find_mmio_handler X-Git-Tag: 4.10.0-rc1~201 X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=b7ed331353a14f43f53eaf6a3a543ec8385193a3;p=people%2Fdariof%2Fxen.git xen/arm: Fix the issue in cmp_mmio_handler used in find_mmio_handler This patch fixes the wrong range check done in cmp_mmio_handler(). This function returns -1 , 0 or 1 based on whether the key value is below the range, in the range or above the range where the range is (start, start+size). However, it should check against (start, start+size-1) because start+size falls outside the range. This resulted in returning a wrong mmio_handler for a given mmio address which happened to be start+size. This bug was introduced when the mmio region search switched from linear search to binary search in the following commit: 8047e09 "xen/arm: io: Use binary search for mmio handler lookup". Signed-off-by: Bhupinder Thakur Signed-off-by: Stefano Stabellini Reviewed-by: Stefano Stabellini --- diff --git a/xen/arch/arm/io.c b/xen/arch/arm/io.c index e2161289a3..c748d8f5bf 100644 --- a/xen/arch/arm/io.c +++ b/xen/arch/arm/io.c @@ -79,7 +79,7 @@ static int cmp_mmio_handler(const void *key, const void *elem) if ( handler0->addr < handler1->addr ) return -1; - if ( handler0->addr > (handler1->addr + handler1->size) ) + if ( handler0->addr >= (handler1->addr + handler1->size) ) return 1; return 0;
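Review bot: On the changed line `if ( handler0->addr >= (handler1->addr + handler1->size) )`, the upper bound is still computed as a sum before the comparison, so a region that ends at the very top of the address space would make `handler1->addr + handler1->size` wrap (assuming unsigned address types, which the hunk does not show), and every in-range key would then compare as above the range. Because the preceding check has already established that `handler0->addr >= handler1->addr`, the test can be written as `(handler0->addr - handler1->addr) >= handler1->size`, which cannot wrap. A short comment above cmp_mmio_handler() stating that each handler covers the half-open range [addr, addr + size) would also record the boundary this fix corrects, since the comparator is what the binary search in find_mmio_handler relies on to pick the handler for a trapped address.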