Message ID | 20200811114133.672647-7-ppandit@redhat.com |
---|---|
State | New |
Headers | show |
Series | memory: assert and define MemoryRegionOps callbacks | expand |
Cc'ing PCI maintainers On 8/11/20 1:41 PM, P J P wrote: > From: Prasad J Pandit <pjp@fedoraproject.org> > > Add spapr msi mmio read method to avoid NULL pointer dereference > issue. > > Reported-by: Lei Sun <slei.casper@gmail.com> > Acked-by: David Gibson <david@gibson.dropbear.id.au> > Reviewed-by: Li Qiang <liq3ea@gmail.com> > Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> > --- > hw/ppc/spapr_pci.c | 14 ++++++++++++-- > 1 file changed, 12 insertions(+), 2 deletions(-) > > Update v4: fix multi-line comment and log guest_error > -> https://lists.nongnu.org/archive/html/qemu-devel/2020-07/msg05311.html > > diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c > index 363cdb3f7b..53dfd3d8c6 100644 > --- a/hw/ppc/spapr_pci.c > +++ b/hw/ppc/spapr_pci.c > @@ -52,6 +52,7 @@ > #include "sysemu/kvm.h" > #include "sysemu/hostmem.h" > #include "sysemu/numa.h" > +#include "qemu/log.h" > > /* Copied from the kernel arch/powerpc/platforms/pseries/msi.c */ > #define RTAS_QUERY_FN 0 > @@ -738,6 +739,12 @@ static PCIINTxRoute spapr_route_intx_pin_to_irq(void *opaque, int pin) > return route; > } > > +static uint64_t spapr_msi_read(void *opaque, hwaddr addr, unsigned size) > +{ > + qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid access\n", __func__); > + return 0; > +} > + > /* > * MSI/MSIX memory region implementation. > * The handler handles both MSI and MSIX. > @@ -755,8 +762,11 @@ static void spapr_msi_write(void *opaque, hwaddr addr, > } > > static const MemoryRegionOps spapr_msi_ops = { > - /* There is no .read as the read result is undefined by PCI spec */ > - .read = NULL, > + /* > + * .read result is undefined by PCI spec. > + * define .read method to avoid assert failure in memory_region_init_io > + */ > + .read = spapr_msi_read, Shouldn't this be a read_with_attrs handler returning MEMTX_ERROR instead? Maybe we need another MemTxResult which does not yet exist. > .write = spapr_msi_write, > .endianness = DEVICE_LITTLE_ENDIAN > }; >
+-- On Tue, 11 Aug 2020, Philippe Mathieu-Daudé wrote --+ | Cc'ing PCI maintainers ... | > + .read = spapr_msi_read, | | Shouldn't this be a read_with_attrs handler returning MEMTX_ERROR | instead? Maybe we need another MemTxResult which does not yet exist. Could this be a subsequent new patch? This patch series is reviewed/ack'd, could be included in the v5.1.0 release. Thank you. -- Prasad J Pandit / Red Hat Product Security Team 8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c index 363cdb3f7b..53dfd3d8c6 100644 --- a/hw/ppc/spapr_pci.c +++ b/hw/ppc/spapr_pci.c @@ -52,6 +52,7 @@ #include "sysemu/kvm.h" #include "sysemu/hostmem.h" #include "sysemu/numa.h" +#include "qemu/log.h" /* Copied from the kernel arch/powerpc/platforms/pseries/msi.c */ #define RTAS_QUERY_FN 0 @@ -738,6 +739,12 @@ static PCIINTxRoute spapr_route_intx_pin_to_irq(void *opaque, int pin) return route; } +static uint64_t spapr_msi_read(void *opaque, hwaddr addr, unsigned size) +{ + qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid access\n", __func__); + return 0; +} + /* * MSI/MSIX memory region implementation. * The handler handles both MSI and MSIX. @@ -755,8 +762,11 @@ static void spapr_msi_write(void *opaque, hwaddr addr, } static const MemoryRegionOps spapr_msi_ops = { - /* There is no .read as the read result is undefined by PCI spec */ - .read = NULL, + /* + * .read result is undefined by PCI spec. + * define .read method to avoid assert failure in memory_region_init_io + */ + .read = spapr_msi_read, .write = spapr_msi_write, .endianness = DEVICE_LITTLE_ENDIAN };