The branch stable/14 has been updated by royger: URL: https://cgit.FreeBSD.org/src/commit/?id=329a3b0844e6671a3119a3f4da98e826c1c6199e
commit 329a3b0844e6671a3119a3f4da98e826c1c6199e Author: Roger Pau Monné <roy...@freebsd.org> AuthorDate: 2023-11-02 17:23:25 +0000 Commit: Roger Pau Monné <roy...@freebsd.org> CommitDate: 2024-10-11 07:06:13 +0000 xen: fix initialization of grant table frame array The current sizing of the array used to store grant table frames is broken, as the calculation: max_nr_glist_frames = (boot_max_nr_grant_frames * GREFS_PER_GRANT_FRAME / (PAGE_SIZE / sizeof(grant_ref_t))); Is plain bogus, for once grant_ref_t is the type of the grant reference, but not the entry used to store such references in the grant frames. But even if the above calculation is switched to use grant_entry_v1_t, it would end up as: max_nr_glist_frames = (boot_max_nr_grant_frames * (PAGE_SIZE / sizeof(grant_entry_v1_t)) / (PAGE_SIZE / sizeof(grant_entry_v1_t))); Which is pointless (note GREFS_PER_GRANT_FRAME has been expanded to (PAGE_SIZE / sizeof(grant_entry_v1_t))). Just use boot_max_nr_grant_frames directly to size the grant table frames array. Fixes: 30d1eefe3937 ("Import OS interfaces to Xen services.") Sponsored by: Citrix Systems R&D (cherry picked from commit 1a12f0aea81b57d0dd2374047b8f4c97a037a8df) --- sys/dev/xen/grant_table/grant_table.c | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/sys/dev/xen/grant_table/grant_table.c b/sys/dev/xen/grant_table/grant_table.c index 13ca966c1f90..1cf9fe5e339a 100644 --- a/sys/dev/xen/grant_table/grant_table.c +++ b/sys/dev/xen/grant_table/grant_table.c @@ -610,20 +610,12 @@ static int granttable_attach(device_t dev) { int i; - unsigned int max_nr_glist_frames; unsigned int nr_init_grefs; nr_grant_frames = 1; boot_max_nr_grant_frames = __max_nr_grant_frames(); - /* Determine the maximum number of frames required for the - * grant reference free list on the current hypervisor. - */ - max_nr_glist_frames = (boot_max_nr_grant_frames * - GREFS_PER_GRANT_FRAME / - (PAGE_SIZE / sizeof(grant_ref_t))); - - gnttab_list = malloc(max_nr_glist_frames * sizeof(grant_ref_t *), + gnttab_list = malloc(boot_max_nr_grant_frames * sizeof(grant_ref_t *), M_DEVBUF, M_NOWAIT); if (gnttab_list == NULL)