Looking up the to-be-deleted region with zero length can cause false
matches:

Registered regions:

    Start          Size
    0xb0000000     0x10000000
    0x100000000    0x1000
    0x100002000    0x20
    0x100002020    0x20

Now trying to remove 0x100002020 will match on 0x100002000. This can be
trivially avoided by looking for a 1-byte region.
Fixes: 0993685e882f ("core: Add generic MMIO access dispatching")
Signed-off-by: Jan Kiszka <[email protected]>
---
hypervisor/mmio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hypervisor/mmio.c b/hypervisor/mmio.c
index 5fdcc31..7f3f8fa 100644
--- a/hypervisor/mmio.c
+++ b/hypervisor/mmio.c
@@ -171,7 +171,7 @@ void mmio_region_unregister(struct cell *cell, unsigned
long start)
spin_lock(&cell->mmio_region_lock);
- index = find_region(cell, start, 0);
+ index = find_region(cell, start, 1);
if (index >= 0) {
for (/* empty */; index < cell->num_mmio_regions; index++)
copy_region(cell, index + 1, index);
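Review bot: The literal 1 passed to find_region() in mmio_region_unregister() carries the whole fix but is unexplained at the call site, so a later cleanup could turn it back into 0 without anyone noticing. Suggest a short comment above the call, for example "look up a 1-byte range; a zero-length range also matches the region that ends at start". It is also worth checking whether any other find_region() caller can pass a size of 0, since the false match described in the commit message would apply there as well.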
--
2.1.4
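
The false match from the commit message, reproduced as an added example (not part of the original patch and not the project's code). lookup_region() is a hypothetical containment-style binary search, an assumed shape for the lookup; the region table is the one listed in the commit message.

```c
#include <stdio.h>

struct region { unsigned long long start, size; };

/* Constructed sample: the sorted region table from the commit message. */
static const struct region regions[] = {
	{ 0xb0000000ULL,  0x10000000ULL },
	{ 0x100000000ULL, 0x1000ULL },
	{ 0x100002000ULL, 0x20ULL },
	{ 0x100002020ULL, 0x20ULL },
};
#define NUM_REGIONS (sizeof(regions) / sizeof(regions[0]))

/*
 * Hypothetical lookup (assumed shape, not the project's code): binary search
 * for a region that fully contains [address, address + size).
 */
static int lookup_region(unsigned long long address, unsigned long long size)
{
	unsigned int lo = 0, count = NUM_REGIONS, index;

	while (count > 0) {
		index = lo + count / 2;
		if (address < regions[index].start) {
			count = index - lo;            /* continue in lower half */
		} else if (regions[index].start + regions[index].size <
			   address + size) {
			count -= index + 1 - lo;       /* continue in upper half */
			lo = index + 1;
		} else {
			return (int)index;             /* range lies inside region */
		}
	}
	return -1;
}

int main(void)
{
	unsigned long long target = 0x100002020ULL;

	/* Empty range [target, target) also "fits" at the end of the neighbour. */
	printf("size 0 -> index %d\n", lookup_region(target, 0));
	/* One byte at target only fits into the region that starts there. */
	printf("size 1 -> index %d\n", lookup_region(target, 1));
	return 0;
}
```

With a size of 0, the end-of-region comparison is not strict enough to exclude the region that ends exactly at the looked-up address, so the search stops at the neighbour before it reaches the intended entry.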