Patchwork [3/4] Check pci slot number against PCIBUS_MAX_DEVICES in parse_pci_devfn

Submitter Ken CC
Date Aug. 24, 2010, 1:27 p.m.
Message ID <20100824132741.GC19469@kt>
Permalink /patch/62573/
State New

Comments

Ken CC - Aug. 24, 2010, 1:27 p.m.
If pci addr provided from command line is bigger than 32,
PCIBUS_MAX_DEVICES, return error -EINVAL.

32 << 3 | 7 == 256 (PCIBUS_MAX_FUNCTIONS)
PCIBUS_MAX_FUNCTIONS = PCIBUS_MAX_DEVICES * PCI_FUNCTIONS_PER_DEVICE

Signed-off-by: Ken CC <ken.ccao@gmail.com>
---
 hw/qdev-properties.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

Michael S. Tsirkin - Sept. 7, 2010, 5:20 p.m.
On Tue, Aug 24, 2010 at 09:27:41PM +0800, Ken CC wrote:
> If pci addr provided from command line is bigger than 32,
> PCIBUS_MAX_DEVICES, return error -EINVAL.
> 
> 32 << 3 | 7 == 256 (PCIBUS_MAX_FUNCTIONS)
> PCIBUS_MAX_FUNCTIONS = PCIBUS_MAX_DEVICES * PCI_FUNCTIONS_PER_DEVICE

Not really sure what these equations mean, the patch makes sense though,
we should validate input.

> Signed-off-by: Ken CC <ken.ccao@gmail.com>
> ---
>  hw/qdev-properties.c |    4 +++-
>  1 files changed, 3 insertions(+), 1 deletions(-)
> 
> diff --git a/hw/qdev-properties.c b/hw/qdev-properties.c
> index 9219cd7..565fd08 100644
> --- a/hw/qdev-properties.c
> +++ b/hw/qdev-properties.c
> @@ -1,5 +1,5 @@
>  #include "net.h"
> -#include "qdev.h"
> +#include "pci.h"
>  #include "qerror.h"
>  
>  void *qdev_get_prop_ptr(DeviceState *dev, Property *prop)
> @@ -514,6 +514,8 @@ static int parse_pci_devfn(DeviceState *dev, Property *prop, const char *str)
>              return -EINVAL;
>          }
>      }
> +    if (slot >= PCIBUS_MAX_DEVICES)
> +        return -EINVAL;
>      if (str[n] != '\0')
>          return -EINVAL;
>      if (fn > 7)

Patch

diff --git a/hw/qdev-properties.c b/hw/qdev-properties.c
index 9219cd7..565fd08 100644
--- a/hw/qdev-properties.c
+++ b/hw/qdev-properties.c
@@ -1,5 +1,5 @@ 
 #include "net.h"
-#include "qdev.h"
+#include "pci.h"
 #include "qerror.h"
 
 void *qdev_get_prop_ptr(DeviceState *dev, Property *prop)
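Review bot: In the include block, `#include "qdev.h"` is replaced by `#include "pci.h"` rather than kept next to it, so this file now depends on pci.h pulling in the qdev declarations that the context line `void *qdev_get_prop_ptr(DeviceState *dev, Property *prop)` still uses. Consider leaving the qdev.h include in place and adding pci.h as an extra line, so the file does not break if pci.h's own includes change later.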
@@ -514,6 +514,8 @@  static int parse_pci_devfn(DeviceState *dev, Property *prop, const char *str)
             return -EINVAL;
         }
     }
+    if (slot >= PCIBUS_MAX_DEVICES)
+        return -EINVAL;
     if (str[n] != '\0')
         return -EINVAL;
     if (fn > 7)
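Review bot: The added `if (slot >= PCIBUS_MAX_DEVICES)` check rejects slot 32 itself, while the commit message says "bigger than 32"; with the constant at 32 as the message states, the accepted range is 0 to 31, and the message should say so. The message's `32 << 3 | 7` also evaluates to 263, not 256 (it is `32 << 3` that equals 256), so the justification would read more clearly as "devfn is slot << 3 | fn, so slot must fit below PCIBUS_MAX_DEVICES". The `fn > 7` test in the trailing context still uses a bare number; giving it a named limit in the same patch would keep the two bounds checks consistent.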