[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 18/45] msix: assert that accesses are within bounds
From: |
Paolo Bonzini |
Subject: |
[PULL 18/45] msix: assert that accesses are within bounds |
Date: |
Tue, 15 Dec 2020 12:54:18 -0500 |
This makes the testcase from the next patch fail.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
hw/pci/msix.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/hw/pci/msix.c b/hw/pci/msix.c
index 67e34f34d6..36491ee52b 100644
--- a/hw/pci/msix.c
+++ b/hw/pci/msix.c
@@ -179,6 +179,7 @@ static uint64_t msix_table_mmio_read(void *opaque, hwaddr
addr,
{
PCIDevice *dev = opaque;
+ assert(addr + size <= dev->msix_entries_nr * PCI_MSIX_ENTRY_SIZE);
return pci_get_long(dev->msix_table + addr);
}
@@ -189,6 +190,8 @@ static void msix_table_mmio_write(void *opaque, hwaddr addr,
int vector = addr / PCI_MSIX_ENTRY_SIZE;
bool was_masked;
+ assert(addr + size <= dev->msix_entries_nr * PCI_MSIX_ENTRY_SIZE);
+
was_masked = msix_is_masked(dev, vector);
pci_set_long(dev->msix_table + addr, val);
msix_handle_mask_update(dev, vector, was_masked);
--
2.26.2
- [PULL 11/45] plugin: propagate errors, (continued)
- [PULL 11/45] plugin: propagate errors, Paolo Bonzini, 2020/12/15
- [PULL 14/45] qmp: generalize watchdog-set-action to -no-reboot/-no-shutdown, Paolo Bonzini, 2020/12/15
- [PULL 10/45] vl: make qemu_get_machine_opts static, Paolo Bonzini, 2020/12/15
- [PULL 23/45] Remove the deprecated -show-cursor option, Paolo Bonzini, 2020/12/15
- [PULL 15/45] vl: Add an -action option specifying response to guest events, Paolo Bonzini, 2020/12/15
- [PULL 13/45] monitor: allow quitting while in preconfig state, Paolo Bonzini, 2020/12/15
- [PULL 16/45] vl: Add option to avoid stopping VM upon guest panic, Paolo Bonzini, 2020/12/15
- [PULL 21/45] docs/system: Move the list of removed features to a separate file, Paolo Bonzini, 2020/12/15
- [PULL 07/45] chardev: do not use machine_init_done, Paolo Bonzini, 2020/12/15
- [PULL 17/45] qtest/pvpanic: Test panic option that allows VM to continue, Paolo Bonzini, 2020/12/15
- [PULL 18/45] msix: assert that accesses are within bounds,
Paolo Bonzini <=
- [PULL 22/45] Remove the deprecated -realtime option, Paolo Bonzini, 2020/12/15
- [PULL 26/45] kvm: Take into account the unaligned section size when preparing bitmap, Paolo Bonzini, 2020/12/15
- [PULL 25/45] scsi: fix device removal race vs IO restart callback on resume, Paolo Bonzini, 2020/12/15
- [PULL 27/45] qemu-option: simplify search for end of key, Paolo Bonzini, 2020/12/15
- [PULL 36/45] tests: remove GCC < 4 fallbacks, Paolo Bonzini, 2020/12/15
- [PULL 32/45] qemu/atomic: Drop special case for unsupported compiler, Paolo Bonzini, 2020/12/15
- [PULL 35/45] qemu-plugin.h: remove GCC < 4, Paolo Bonzini, 2020/12/15
- [PULL 42/45] linux-user: remove GNUC check, Paolo Bonzini, 2020/12/15
- [PULL 20/45] accel/tcg: Remove deprecated '-tb-size' option, Paolo Bonzini, 2020/12/15
- [PULL 28/45] qemu-option: pass QemuOptsList to opts_accepts_any, Paolo Bonzini, 2020/12/15