[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v2] pci: Common overflow prevention
From: |
Isaku Yamahata |
Subject: |
Re: [Qemu-devel] [PATCH v2] pci: Common overflow prevention |
Date: |
Thu, 28 Jul 2011 16:23:24 +0900 |
User-agent: |
Mutt/1.5.19 (2009-01-05) |
This might be a bit late comment...
On Fri, Jul 22, 2011 at 11:05:01AM +0200, Jan Kiszka wrote:
> diff --git a/hw/pci_host.c b/hw/pci_host.c
> index 728e2d4..bfdc321 100644
> --- a/hw/pci_host.c
> +++ b/hw/pci_host.c
> @@ -47,17 +47,33 @@ static inline PCIDevice *pci_dev_find_by_addr(PCIBus
> *bus, uint32_t addr)
> return pci_find_device(bus, bus_num, devfn);
> }
>
> +void pci_config_write_common(PCIDevice *pci_dev, uint32_t addr,
> + uint32_t limit, uint32_t val, uint32_t len)
> +{
> + assert(len <= 4);
> + pci_dev->config_write(pci_dev, addr, val, MIN(len, limit - addr));
> +}
> +
> +uint32_t pci_config_read_common(PCIDevice *pci_dev, uint32_t addr,
> + uint32_t limit, uint32_t len)
> +{
> + assert(len <= 4);
> + return pci_dev->config_read(pci_dev, addr, MIN(len, limit - addr));
> +}
> +
Since limit and addr is unsigned, MIN(len, limit - addr) = len if limit < addr.
So we need explicit "if (limit < addr) return;".
Here's the patch for pci branch.
>From 75c1a2b47c93ad987cd7a37fb62bda9a59f27948 Mon Sep 17 00:00:00 2001
Message-Id: <address@hidden>
From: Isaku Yamahata <address@hidden>
Date: Thu, 28 Jul 2011 16:20:28 +0900
Subject: [PATCH] pci/host: limit check of pci_host_config_read/write_common
This patch adds boundary check in pci_host_config_read/write_common()
Since limit and addr is unsigned, MIN(len, limit - addr) = len if limit < addr.
So we need explicit "if (limit <= addr) return;"
Signed-off-by: Isaku Yamahata <address@hidden>
---
hw/pci_host.c | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/hw/pci_host.c b/hw/pci_host.c
index 2e8a29f..71fd3a1 100644
--- a/hw/pci_host.c
+++ b/hw/pci_host.c
@@ -51,6 +51,9 @@ void pci_host_config_write_common(PCIDevice *pci_dev,
uint32_t addr,
uint32_t limit, uint32_t val, uint32_t len)
{
assert(len <= 4);
+ if (limit <= addr) {
+ return;
+ }
pci_dev->config_write(pci_dev, addr, val, MIN(len, limit - addr));
}
@@ -58,6 +61,9 @@ uint32_t pci_host_config_read_common(PCIDevice *pci_dev,
uint32_t addr,
uint32_t limit, uint32_t len)
{
assert(len <= 4);
+ if (limit <= addr) {
+ return 0;
+ }
return pci_dev->config_read(pci_dev, addr, MIN(len, limit - addr));
}
--
1.7.1.1
--
yamahata
- [Qemu-devel] [PATCH] pci: Common overflow prevention, Jan Kiszka, 2011/07/21
- Re: [Qemu-devel] [PATCH] pci: Common overflow prevention, Michael S. Tsirkin, 2011/07/22
- [Qemu-devel] [PATCH v2] pci: Common overflow prevention, Jan Kiszka, 2011/07/22
- Re: [Qemu-devel] [PATCH v2] pci: Common overflow prevention,
Isaku Yamahata <=
- Re: [Qemu-devel] [PATCH v2] pci: Common overflow prevention, Michael S. Tsirkin, 2011/07/28
- Re: [Qemu-devel] [PATCH v2] pci: Common overflow prevention, Isaku Yamahata, 2011/07/28
- Re: [Qemu-devel] [PATCH v2] pci: Common overflow prevention, Isaku Yamahata, 2011/07/28
- Re: [Qemu-devel] [PATCH v2] pci: Common overflow prevention, Michael S. Tsirkin, 2011/07/29