[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL v2 29/58] pci: assert configuration access is within bounds
From: |
Michael S. Tsirkin |
Subject: |
[PULL v2 29/58] pci: assert configuration access is within bounds |
Date: |
Fri, 12 Jun 2020 10:52:07 -0400 |
From: Prasad J Pandit <pjp@fedoraproject.org>
While accessing PCI configuration bytes, assert that
'address + len' is within PCI configuration space.
Generally it is within bounds. This is more of a defensive
assert, in case a buggy device was to send 'address' which
may go out of bounds.
Suggested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <20200604113525.58898-1-ppandit@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
hw/pci/pci.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/hw/pci/pci.c b/hw/pci/pci.c
index 70c66965f5..7bf2ae6d92 100644
--- a/hw/pci/pci.c
+++ b/hw/pci/pci.c
@@ -1381,6 +1381,8 @@ uint32_t pci_default_read_config(PCIDevice *d,
{
uint32_t val = 0;
+ assert(address + len <= pci_config_size(d));
+
if (pci_is_express_downstream_port(d) &&
ranges_overlap(address, len, d->exp.exp_cap + PCI_EXP_LNKSTA, 2)) {
pcie_sync_bridge_lnk(d);
@@ -1394,6 +1396,8 @@ void pci_default_write_config(PCIDevice *d, uint32_t
addr, uint32_t val_in, int
int i, was_irq_disabled = pci_irq_disabled(d);
uint32_t val = val_in;
+ assert(addr + l <= pci_config_size(d));
+
for (i = 0; i < l; val >>= 8, ++i) {
uint8_t wmask = d->wmask[addr + i];
uint8_t w1cmask = d->w1cmask[addr + i];
--
MST
- [PULL v2 20/58] bios-tables-test: Add Q35/TPM-TIS test, (continued)
[PULL v2 24/58] virtio-balloon: unref the iothread when unrealizing, Michael S. Tsirkin, 2020/06/12
[PULL v2 22/58] virtio-balloon: fix free page hinting without an iothread, Michael S. Tsirkin, 2020/06/12
[PULL v2 23/58] virtio-balloon: fix free page hinting check on unrealize, Michael S. Tsirkin, 2020/06/12
[PULL v2 27/58] MAINTAINERS: Fix the classification of bios-tables-test-allowed-diff.h, Michael S. Tsirkin, 2020/06/12
[PULL v2 28/58] hw/pci/pcie: Move hot plug capability check to pre_plug callback, Michael S. Tsirkin, 2020/06/12
[PULL v2 29/58] pci: assert configuration access is within bounds,
Michael S. Tsirkin <=
[PULL v2 26/58] virtio-balloon: Provide an interface for free page reporting, Michael S. Tsirkin, 2020/06/12
[PULL v2 33/58] hw/pci-host: Use the IEC binary prefix definitions, Michael S. Tsirkin, 2020/06/12
[PULL v2 34/58] char-socket: return -1 in case of disconnect during tcp_chr_write, Michael S. Tsirkin, 2020/06/12
[PULL v2 35/58] vhost-user-blk: delay vhost_user_blk_disconnect, Michael S. Tsirkin, 2020/06/12
[PULL v2 37/58] Add vhost-user helper to get MemoryRegion data, Michael S. Tsirkin, 2020/06/12
[PULL v2 36/58] Add helper to populate vhost-user message regions, Michael S. Tsirkin, 2020/06/12
[PULL v2 38/58] Add VHOST_USER_PROTOCOL_F_CONFIGURE_MEM_SLOTS, Michael S. Tsirkin, 2020/06/12
[PULL v2 39/58] Transmit vhost-user memory regions individually, Michael S. Tsirkin, 2020/06/12