From nobody Mon Apr 13 00:05:44 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=amd.com); dmarc=pass(p=quarantine dis=none) header.from=amd.com ARC-Seal: i=2; a=rsa-sha256; t=1775734804; cv=pass; d=zohomail.com; s=zohoarc; b=CLn8ZVsLr3Pzk4OH+I4Pha+Tv9F4t5ZpY1/hwKhRlTDxEqVJjEsLJPde+VJvag7jS+o5Y3k6suazDCsBvxyIX8RWruaK8lalAfEkEmmM9aF3MygqHcYggfX5L+zeFG8+ZxjhdIa7ckS7pEPxN9X2VIqdNybHToiOohbsPhokvlE= ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1775734804; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=I41Wz6kgb/0DOUu+lYlBPOYvv2CAkwrbJsEJj/f2BGE=; b=bxmxrtHDY1h4v1X6AD6jWwWAIdnIkgSRT5BLJWehN7qvWJ4uF0eW9UNTZEM+I8LVcE1wAt5dMYEKIqSyjSYKY9weCnIWc8SHYNvdAuyCn/szn+PFd5mDkF91qjKsgDU1JnL8EoVBpocGU+eP6zN88dLaS5AUQI64sFtKral0TZ0= ARC-Authentication-Results: i=2; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; arc=pass (i=1 dmarc=pass fromdomain=amd.com); dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1775734804308472.9747792916281; Thu, 9 Apr 2026 04:40:04 -0700 (PDT) Received: from list by lists.xenproject.org with outflank-mailman.1277086.1562360 (Exim 4.92) (envelope-from ) id 1wAnjg-0008Ax-4h; Thu, 09 Apr 2026 11:39:48 +0000 Received: by outflank-mailman (output) from mailman id 1277086.1562360; Thu, 09 Apr 2026 11:39:48 +0000 Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wAnjg-0008Am-20; Thu, 09 Apr 2026 11:39:48 +0000 Received: by outflank-mailman (input) for mailman id 1277086; Thu, 09 Apr 2026 11:39:47 +0000 Received: from mx.expurgate.net ([195.190.135.10]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1wAnjf-00084F-CU for xen-devel@lists.xenproject.org; Thu, 09 Apr 2026 11:39:47 +0000 Received: from mx.expurgate.net (helo=localhost) by mx.expurgate.net with esmtp id 1wAnje-00C2vv-Ow for xen-devel@lists.xenproject.org; Thu, 09 Apr 2026 13:39:46 +0200 Received: from [10.42.69.6] (helo=localhost) by localhost with ESMTP (eXpurgate MTA 0.9.1) (envelope-from ) id 69d78ff8-2eae-0a2a0a5409dd-0a2a4506c630-8 for ; Thu, 09 Apr 2026 13:39:46 +0200 Received: from [52.101.201.2] (helo=PH7PR06CU001.outbound.protection.outlook.com) by tlsNG-16d1c6.mxtls.expurgate.net with ESMTPS (eXpurgate 4.56.0) (envelope-from ) id 69d79000-0df0-0a2a45060019-3465c9025642-3 for ; Thu, 09 Apr 2026 13:39:46 +0200 Received: from PH5P220CA0012.NAMP220.PROD.OUTLOOK.COM (2603:10b6:510:34a::9) by DM4PR12MB8473.namprd12.prod.outlook.com (2603:10b6:8:183::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.20; Thu, 9 Apr 2026 11:39:40 +0000 Received: from MW1PEPF00016160.namprd21.prod.outlook.com (2603:10b6:510:34a:cafe::b7) by PH5P220CA0012.outlook.office365.com (2603:10b6:510:34a::9) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9769.40 via Frontend Transport; Thu, 9 Apr 2026 11:40:04 +0000 Received: from satlexmb08.amd.com (165.204.84.17) by MW1PEPF00016160.mail.protection.outlook.com (10.167.249.91) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9818.0 via Frontend Transport; Thu, 9 Apr 2026 11:39:40 +0000 Received: from satlexmb10.amd.com (10.181.42.219) by satlexmb08.amd.com (10.181.42.217) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.17; Thu, 9 Apr 2026 06:39:39 -0500 Received: from satlexmb08.amd.com (10.181.42.217) by satlexmb10.amd.com (10.181.42.219) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.17; Thu, 9 Apr 2026 06:39:39 -0500 Received: from XIR-MICHALO-L1.xilinx.com (10.180.168.240) by satlexmb08.amd.com (10.181.42.217) with Microsoft SMTP Server id 15.2.2562.17 via Frontend Transport; Thu, 9 Apr 2026 06:39:38 -0500 X-Outflank-Mailman: Message body and most headers restored to incoming version X-BeenThere: xen-devel@lists.xenproject.org List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" Authentication-Results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=amd.com header.i="@amd.com" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=CG3l8jFdMDSrbe2ddx2a/K0lMymDBWFlZLyO1gU3w8ylq3OwOHmDYYtccLRjHANWUflntWqq6e1bhVs3NjrmPKMk8B1Zs0QT4Wuq2NjzgVwV4/9L3m/A/T/v5sFV4s2gPEf1e1MQN3Ldbuka0TbUbaZDqRCuWat2Ct/sS4ymr5CCVz8o06pkS5t2rJfUTa9+2hM4fv6TJYTkU7RF0lekfp6gT/w9Q+VQLJJaIdUN94tO+b1U6JsjvoAZnm7z7VrTLwPmBwI96r1tVHnErtO8/J+usA1+H/TdzIVOtAbTnggSv8EQt2PSMW2v1Ywmr0adxUraxeuWmTEQdspune1m8w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=I41Wz6kgb/0DOUu+lYlBPOYvv2CAkwrbJsEJj/f2BGE=; b=C/1GXh1V1mffLbofrobU5yIpvzKNXpxbHNteAwbjF8gcsQcLaLzZ58OUjDYSw1YvGtgFgTLnE7nw9YcRvgL7r0Pqr1/VvOBpEgn0mpboYLuwLGITetA5XgpGp4HLumMroWSFJWS6IGwr0ceGBAjVX1Qvl9TdiGICyTlxa4YMJqFTQ3+CzbWkJV3kD+IJLkxZydmFZgEnQj+OeXIGrILEg/6c098ZB+ijtlpeCBYAvBe2nxrCwdw6KtesVoMs/3M1I2naPLJHgNf6xXtjw6FzSt7zninJn5pLoO3ge9uDtUCv97EMsUT8ZJRBfWlBhSRGGiT7uQSbTe/qdypJIa6Vsg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=lists.xenproject.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=I41Wz6kgb/0DOUu+lYlBPOYvv2CAkwrbJsEJj/f2BGE=; b=4lCLIqE8abZaxsWbw+cxpFIPcWVXYIIYUDfWMSNX/g4XnzgvtxoasX818g4/tyQviDovS9qwEnc/aZWmxwuQxT2isFalZNAqTP9he/RLMXA1SbJU6O21hBunf/eS7ZG+V+yDxWFhFcZ5AxueIqFrQd/xGmavoqA9dUPoS7ucd0k= X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=satlexmb08.amd.com; pr=C From: Michal Orzel To: CC: Michal Orzel , Stefano Stabellini , Julien Grall , Bertrand Marquis , Volodymyr Babchuk Subject: [PATCH 1/3] xen/arm: Fix off-by-one in iomem_deny_access() calls Date: Thu, 9 Apr 2026 13:39:32 +0200 Message-ID: <20260409113934.197619-2-michal.orzel@amd.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260409113934.197619-1-michal.orzel@amd.com> References: <20260409113934.197619-1-michal.orzel@amd.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: MW1PEPF00016160:EE_|DM4PR12MB8473:EE_ X-MS-Office365-Filtering-Correlation-Id: c3ac2837-4cd0-4f39-a074-08de962cafc3 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|36860700016|1800799024|82310400026|22082099003|56012099003|18002099003; X-Microsoft-Antispam-Message-Info: ySKnjYqy5s/N9Fd8svTAU7dt/kU8T9u4gMshi0HMmUsZ+wal2WwPeA4OCWCPOe18KkNjyX+qNGLU3zAQs+nB5bxcemX1fnucifwprzyBf/gS2wSbvxjOZHUHJDjG4u+x330qzQAyTjvIgCkj8wpmCzrKOkn8s+uV2dd96BBgJkMlLjmVJD59U2Fs7rXGQvrsTMqIthHRjQjGqZWb8o8DJ56edPDFrMwtmJYmxiiVujE4S2eulBo2ibfkfh84Alcej9xasvXw0kIA8Y8aH5sC5XAnhazvbjtK3Ulsn4v0Wxnidn7Eta9iow7LYqZdm77bJO4mbRLC1t6xsuAx8HBBbRjO68y5w9VCLPdQZlggHgQiciEcUirqBW9TVxUygQ0jWRmJWz5tFOTMtwBQEpowGpyiLbfZj6sJFMxJKkUbd2dxDZz/B65d2EkNXvKU13rM1eQiMsHYjK1JOjwIUrjDoocrvHbmdcbwPHJh6/EzlQv3W/tKoLUnOeEr58ObRy7/++HJhnTtkTEn0wirxqMJaQMm27Us/S+3YdXTgKvq3Ze+PU4+B6Gl8HXeM8a+6uFxEFFdoBy5c/hVmIEDxqj2ftnQsq+mCawTAGNndQ7RN9yjexx1dQiAGKz6Oe+vh1YHnNyM8LfD/7BizfP+VciiequQIrr6zDzKk3Rd2XoYmh51xOIupZAaXo3XGQ6G9RY7qxusvNXpygWMTMifNhwBeN4p7pI7cPojS6SZ5fUbK65AVAwqFuTos3Ccud0B8dgN32gtSn8ACMqycBmpO2Huug== X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:satlexmb08.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(376014)(36860700016)(1800799024)(82310400026)(22082099003)(56012099003)(18002099003);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: B7fzeapXP7uNPQipQC2yF11wiOXtjpWmni6t2Rb1E3ivrfhSnck/6fgA9jTGRXLNX1yeRHpny1w9lPn748nNazFE7sZor7fksay6UGG/rnJxKwiy1QZH5dGV5+wATvVXWmA4Iwwg8cv6TaNeqUZM4x6g2sNd7/ZF3y30hyXPRTS4JJw9MRgWg94aE091DdZ0+oGW226QSyoCxtSC2Z7zA1YltUZOo9BbYvOu7SwnBwBvXSEBDov7dJ/inBqj22HoNFNXO262SYLV47KyeqWMSF3GspTy0VOTBHTfAZi01jZ3AleLGddaAcMbJsFbUPoRtsJVJ7pq/e9hpnLvfArsvRVcayxlTMCaDn+wNfk+lezV6tUYyBF4AbYWBruML+jqI+eL5Tr0947WPqu2SPIeHDC3mP5a5DkfM7ktwQ/mjUNn+m3uxRnwYoTbtuwX43bQ X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Apr 2026 11:39:40.3429 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: c3ac2837-4cd0-4f39-a074-08de962cafc3 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[satlexmb08.amd.com] X-MS-Exchange-CrossTenant-AuthSource: MW1PEPF00016160.namprd21.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB8473 X-purgate-ID: tlsNG-16d1c6/1775734786-5CD243D8-BBB4CCF6/0/0 X-purgate-type: clean X-purgate-size: 4470 X-ZohoMail-DKIM: pass (identity @amd.com) X-ZM-MESSAGEID: 1775734805888158500 Content-Type: text/plain; charset="utf-8" iomem_deny_access() wraps rangeset_remove_range() which takes inclusive endpoints. All call sites in the GIC and ACPI code pass 'mfn + nr' (or 'mfn + 1' for single-page regions) as the end parameter, which causes one extra page beyond each region to be denied. For single-page regions, use 'mfn' as the end (denying exactly one page). For all multi-page regions, use 'mfn + nr - 1'. This matches the correct pattern used elsewhere, e.g. in device.c. Fixes: 8300b3377e ("arm/gic: Add a new callback to deny Dom0 access to GIC = regions") Fixes: 66158be465 ("ARM: ITS: Deny hardware domain access to ITS") Fixes: 97e9875646 ("arm/acpi: Permit MMIO access of Xen unused devices for = Dom0") Signed-off-by: Michal Orzel Reviewed-by: Luca Fancellu Reviewed-by: Stefano Stabellini --- xen/arch/arm/acpi/domain_build.c | 2 +- xen/arch/arm/gic-v2.c | 8 ++++---- xen/arch/arm/gic-v3-its.c | 2 +- xen/arch/arm/gic-v3.c | 8 ++++---- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/xen/arch/arm/acpi/domain_build.c b/xen/arch/arm/acpi/domain_bu= ild.c index 5a117001ef11..249d899c3337 100644 --- a/xen/arch/arm/acpi/domain_build.c +++ b/xen/arch/arm/acpi/domain_build.c @@ -48,7 +48,7 @@ static int __init acpi_iomem_deny_access(struct domain *d) { mfn =3D spcr->serial_port.address >> PAGE_SHIFT; /* Deny MMIO access for UART */ - rc =3D iomem_deny_access(d, mfn, mfn + 1); + rc =3D iomem_deny_access(d, mfn, mfn); if ( rc ) return rc; } diff --git a/xen/arch/arm/gic-v2.c b/xen/arch/arm/gic-v2.c index b23e72a3d05d..014f9559673b 100644 --- a/xen/arch/arm/gic-v2.c +++ b/xen/arch/arm/gic-v2.c @@ -1079,23 +1079,23 @@ static int gicv2_iomem_deny_access(struct domain *d) unsigned long mfn, nr; =20 mfn =3D dbase >> PAGE_SHIFT; - rc =3D iomem_deny_access(d, mfn, mfn + 1); + rc =3D iomem_deny_access(d, mfn, mfn); if ( rc ) return rc; =20 mfn =3D hbase >> PAGE_SHIFT; - rc =3D iomem_deny_access(d, mfn, mfn + 1); + rc =3D iomem_deny_access(d, mfn, mfn); if ( rc ) return rc; =20 mfn =3D cbase >> PAGE_SHIFT; nr =3D DIV_ROUND_UP(csize, PAGE_SIZE); - rc =3D iomem_deny_access(d, mfn, mfn + nr); + rc =3D iomem_deny_access(d, mfn, mfn + nr - 1); if ( rc ) return rc; =20 mfn =3D vbase >> PAGE_SHIFT; - return iomem_deny_access(d, mfn, mfn + nr); + return iomem_deny_access(d, mfn, mfn + nr - 1); } =20 #ifdef CONFIG_ACPI diff --git a/xen/arch/arm/gic-v3-its.c b/xen/arch/arm/gic-v3-its.c index 9ba068c46fcb..e38aa8711744 100644 --- a/xen/arch/arm/gic-v3-its.c +++ b/xen/arch/arm/gic-v3-its.c @@ -1009,7 +1009,7 @@ int gicv3_its_deny_access(struct domain *d) { mfn =3D paddr_to_pfn(its_data->addr); nr =3D PFN_UP(its_data->size); - rc =3D iomem_deny_access(d, mfn, mfn + nr); + rc =3D iomem_deny_access(d, mfn, mfn + nr - 1); if ( rc ) { printk("iomem_deny_access failed for %lx:%lx \r\n", mfn, nr); diff --git a/xen/arch/arm/gic-v3.c b/xen/arch/arm/gic-v3.c index bc07f97c16ab..b3e104ea4ad0 100644 --- a/xen/arch/arm/gic-v3.c +++ b/xen/arch/arm/gic-v3.c @@ -1602,7 +1602,7 @@ static int gicv3_iomem_deny_access(struct domain *d) =20 mfn =3D dbase >> PAGE_SHIFT; nr =3D PFN_UP(SZ_64K); - rc =3D iomem_deny_access(d, mfn, mfn + nr); + rc =3D iomem_deny_access(d, mfn, mfn + nr - 1); if ( rc ) return rc; =20 @@ -1614,7 +1614,7 @@ static int gicv3_iomem_deny_access(struct domain *d) { mfn =3D gicv3.rdist_regions[i].base >> PAGE_SHIFT; nr =3D PFN_UP(gicv3.rdist_regions[i].size); - rc =3D iomem_deny_access(d, mfn, mfn + nr); + rc =3D iomem_deny_access(d, mfn, mfn + nr - 1); if ( rc ) return rc; } @@ -1623,7 +1623,7 @@ static int gicv3_iomem_deny_access(struct domain *d) { mfn =3D cbase >> PAGE_SHIFT; nr =3D PFN_UP(csize); - rc =3D iomem_deny_access(d, mfn, mfn + nr); + rc =3D iomem_deny_access(d, mfn, mfn + nr - 1); if ( rc ) return rc; } @@ -1632,7 +1632,7 @@ static int gicv3_iomem_deny_access(struct domain *d) { mfn =3D vbase >> PAGE_SHIFT; nr =3D PFN_UP(csize); - return iomem_deny_access(d, mfn, mfn + nr); + return iomem_deny_access(d, mfn, mfn + nr - 1); } =20 return 0; --=20 2.43.0