[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v2] pci: Common overflow prevention
|
From: |
Isaku Yamahata |
|
Subject: |
Re: [Qemu-devel] [PATCH v2] pci: Common overflow prevention |
|
Date: |
Fri, 29 Jul 2011 10:01:43 +0900 |
|
User-agent: |
Mutt/1.5.19 (2009-01-05) |
On Thu, Jul 28, 2011 at 11:40:21AM +0300, Michael S. Tsirkin wrote:
> I don't see a problem with this, but could you please clarify when does
> this happen? I think this is only possible for a pci device
> behind an express root. If so, this belongs in pcie_host.c
>
> I'd also like this info to be recorded in the commit log.
>From 1dd598fd35d4e988dc51487829ed66208ca89021 Mon Sep 17 00:00:00 2001
Message-Id: <address@hidden>
From: Isaku Yamahata <address@hidden>
Date: Fri, 29 Jul 2011 09:52:45 +0900
Subject: [PATCH] pcie_host: limit check of pcie_mmcfg_data_write/read
This patch adds the check where the offset in the configuration space
is in its configuration size.
MMCFG area allows access of pcie configuration space to be in
offset [0, 4K).
At the same time, conventional pci devices whose configuration space size
is 256 bytes can be behind pcie-to-pci bridge.
The access whose offset is [256, 4K) should have no effect
on the conventional pci device
Add the limit check and ignore such accesses.
Signed-off-by: Isaku Yamahata <address@hidden>
---
hw/pcie_host.c | 28 ++++++++++++++++++++++------
1 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/hw/pcie_host.c b/hw/pcie_host.c
index f0b3d13..f9fea3d 100644
--- a/hw/pcie_host.c
+++ b/hw/pcie_host.c
@@ -56,23 +56,39 @@ static void pcie_mmcfg_data_write(PCIBus *s,
uint32_t mmcfg_addr, uint32_t val, int len)
{
PCIDevice *pci_dev = pcie_dev_find_by_mmcfg_addr(s, mmcfg_addr);
+ uint32_t addr;
+ uint32_t limit;
if (!pci_dev) {
return;
}
- pci_host_config_write_common(pci_dev, PCIE_MMCFG_CONFOFFSET(mmcfg_addr),
- pci_config_size(pci_dev), val, len);
+ addr = PCIE_MMCFG_CONFOFFSET(mmcfg_addr);
+ limit = pci_config_size(pci_dev);
+ if (limit <= addr) {
+ /* conventional pci device can be behind pcie-to-pci bridge.
+ 256 <= addr < 4K has no effects. */
+ return;
+ }
+ pci_host_config_write_common(pci_dev, addr, limit, val, len);
}
-static uint32_t pcie_mmcfg_data_read(PCIBus *s, uint32_t addr, int len)
+static uint32_t pcie_mmcfg_data_read(PCIBus *s, uint32_t mmcfg_addr, int len)
{
- PCIDevice *pci_dev = pcie_dev_find_by_mmcfg_addr(s, addr);
+ PCIDevice *pci_dev = pcie_dev_find_by_mmcfg_addr(s, mmcfg_addr);
+ uint32_t addr;
+ uint32_t limit;
if (!pci_dev) {
return ~0x0;
}
- return pci_host_config_read_common(pci_dev, PCIE_MMCFG_CONFOFFSET(addr),
- pci_config_size(pci_dev), len);
+ addr = PCIE_MMCFG_CONFOFFSET(mmcfg_addr);
+ limit = pci_config_size(pci_dev);
+ if (limit <= addr) {
+ /* conventional pci device can be behind pcie-to-pci bridge.
+ 256 <= addr < 4K has no effects. */
+ return ~0x0;
+ }
+ return pci_host_config_read_common(pci_dev, addr, limit, len);
}
static void pcie_mmcfg_data_writeb(void *opaque,
--
1.7.1.1
--
yamahata
- [Qemu-devel] [PATCH] pci: Common overflow prevention, Jan Kiszka, 2011/07/21
- Re: [Qemu-devel] [PATCH] pci: Common overflow prevention, Michael S. Tsirkin, 2011/07/22
- [Qemu-devel] [PATCH v2] pci: Common overflow prevention, Jan Kiszka, 2011/07/22
- Re: [Qemu-devel] [PATCH v2] pci: Common overflow prevention, Isaku Yamahata, 2011/07/28
- Re: [Qemu-devel] [PATCH v2] pci: Common overflow prevention, Michael S. Tsirkin, 2011/07/28
- Re: [Qemu-devel] [PATCH v2] pci: Common overflow prevention, Isaku Yamahata, 2011/07/28
- Re: [Qemu-devel] [PATCH v2] pci: Common overflow prevention,
Isaku Yamahata <=
- Re: [Qemu-devel] [PATCH v2] pci: Common overflow prevention, Michael S. Tsirkin, 2011/07/29