mirror of
https://github.com/qemu/qemu.git
synced 2026-07-08 17:46:10 +00:00
hw/pci: Replace assert with bounds check and return
As reported in https://gitlab.com/qemu-project/qemu/-/work_items/3334,
callers of 'pci_host_config_{read,write}_common' can pass length as 8,
causing an assert failure
The original issue with pnv_phb3 triggering the assert was fixed in a
previous commit
Instead of asserting on invalid length, check if the length is valid
(<=4), otherwise return (with the failure error code in read)
Reported-by: Zexiang Zhang <chan9yan9@gmail.com>
Signed-off-by: Aditya Gupta <adityag@linux.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20260326190438.734239-3-adityag@linux.ibm.com>
(cherry picked from commit c7209c5671)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
This commit is contained in:
committed by
Michael Tokarev
parent
d088b316c6
commit
d55463da56
@@ -81,7 +81,12 @@ void pci_host_config_write_common(PCIDevice *pci_dev, uint32_t addr,
|
||||
return;
|
||||
}
|
||||
|
||||
assert(len <= 4);
|
||||
if (len > 4) {
|
||||
PCI_DPRINTF("%s: invalid length access: addr " HWADDR_FMT_plx " \
|
||||
len %d val %"PRIx32"\n", __func__, addr, len, val);
|
||||
return;
|
||||
}
|
||||
|
||||
/* non-zero functions are only exposed when function 0 is present,
|
||||
* allowing direct removal of unexposed functions.
|
||||
*/
|
||||
@@ -106,7 +111,12 @@ uint32_t pci_host_config_read_common(PCIDevice *pci_dev, uint32_t addr,
|
||||
return ~0x0;
|
||||
}
|
||||
|
||||
assert(len <= 4);
|
||||
if (len > 4) {
|
||||
PCI_DPRINTF("%s: invalid length access: addr " HWADDR_FMT_plx " \
|
||||
len %d val %"PRIx32"\n", __func__, addr, len, val);
|
||||
return ~0x0;
|
||||
}
|
||||
|
||||
/* non-zero functions are only exposed when function 0 is present,
|
||||
* allowing direct removal of unexposed functions.
|
||||
*/
|
||||
|
||||
Reference in New Issue
Block a user