[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH for 2.8 v4 1/1] cadence_uart: Check baud rate genera
From: |
Alistair Francis |
Subject: |
[Qemu-devel] [PATCH for 2.8 v4 1/1] cadence_uart: Check baud rate generator and divider values on migration |
Date: |
Wed, 7 Dec 2016 09:53:24 -0800 |
The Cadence UART device emulator calculates speed by dividing the
baud rate by a 'baud rate generator' & 'baud rate divider' value.
The device specification defines these register values to be
non-zero and within certain limits. Checks were recently added when
writing to these registers but not when restoring from migration.
This patch adds checks when restoring from migration to avoid divide by
zero errors.
Reported-by: Huawei PSIRT <address@hidden>
Signed-off-by: Alistair Francis <address@hidden>
---
V4:
- Fix R_BRGR logic
V3:
- Fix broken migration logic
- Manually double checked and it passes migration.
V2:
- Abort the migration if the data is invalid
hw/char/cadence_uart.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/hw/char/cadence_uart.c b/hw/char/cadence_uart.c
index 0215d65..dba1c53 100644
--- a/hw/char/cadence_uart.c
+++ b/hw/char/cadence_uart.c
@@ -502,6 +502,13 @@ static int cadence_uart_post_load(void *opaque, int
version_id)
{
CadenceUARTState *s = opaque;
+ /* Ensure these two aren't invalid numbers */
+ if (s->r[R_BRGR] < 1 || s->r[R_BRGR] & ~0xFFFF ||
+ s->r[R_BDIV] <= 3 || s->r[R_BDIV] & ~0xFF) {
+ /* Value is invalid, abort */
+ return 1;
+ }
+
uart_parameters_setup(s);
uart_update_status(s);
return 0;
--
2.7.4
- [Qemu-devel] [PATCH for 2.8 v4 1/1] cadence_uart: Check baud rate generator and divider values on migration,
Alistair Francis <=