Patchwork [for,v1.0,2/3] msix: Prevent bogus mask updates on MMIO accesses

login
register
mail settings
Submitter Michael S. Tsirkin
Date Nov. 21, 2011, 4:57 p.m.
Message ID <bfe66ce6238666cd16056828085c960c955925bd.1321893802.git.mst@redhat.com>
Download mbox | patch
Permalink /patch/126862/
State New
Headers show

Comments

Michael S. Tsirkin - Nov. 21, 2011, 4:57 p.m.
>From: Jan Kiszka <jan.kiszka@siemens.com>

Only accesses to the MSI-X table must trigger a call to
msix_handle_mask_update, otherwise the vector
value might be out of range.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
 hw/msix.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

Patch

diff --git a/hw/msix.c b/hw/msix.c
index 63b41b9..2969601 100644
--- a/hw/msix.c
+++ b/hw/msix.c
@@ -176,6 +176,12 @@  static void msix_mmio_write(void *opaque, target_phys_addr_t addr,
     PCIDevice *dev = opaque;
     unsigned int offset = addr & (MSIX_PAGE_SIZE - 1) & ~0x3;
     int vector = offset / PCI_MSIX_ENTRY_SIZE;
+
+    /* MSI-X page includes a read-only PBA and a writeable Vector Control. */
+    if (vector >= dev->msix_entries_nr) {
+        return;
+    }
+
     pci_set_long(dev->msix_table_page + offset, val);
     msix_handle_mask_update(dev, vector);
 }