[Qemu-devel] [PATCH for v1.0 2/3] msix: Prevent bogus mask updates on MM
From: Michael S. Tsirkin
Subject: [Qemu-devel] [PATCH for v1.0 2/3] msix: Prevent bogus mask updates on MMIO accesses
Date: Mon, 21 Nov 2011 18:57:31 +0200
User-agent: Mutt/1.5.21 (2010-09-15)
From: Jan Kiszka <address@hidden>
Only accesses to the MSI-X table must trigger a call to
msix_handle_mask_update, otherwise the vector
value might be out of range.
Signed-off-by: Jan Kiszka <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
---
hw/msix.c | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/hw/msix.c b/hw/msix.c
index 63b41b9..2969601 100644
--- a/hw/msix.c
+++ b/hw/msix.c
@@ -176,6 +176,12 @@ static void msix_mmio_write(void *opaque,
target_phys_addr_t addr,
PCIDevice *dev = opaque;
unsigned int offset = addr & (MSIX_PAGE_SIZE - 1) & ~0x3;
int vector = offset / PCI_MSIX_ENTRY_SIZE;
+
+ /* MSI-X page includes a read-only PBA and a writeable Vector Control. */
+ if (vector >= dev->msix_entries_nr) {
+ return;
+ }
+
pci_set_long(dev->msix_table_page + offset, val);
msix_handle_mask_update(dev, vector);
}
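Review bot: The new early return in msix_mmio_write sits ahead of pci_set_long as well as msix_handle_mask_update, so a write whose vector is >= dev->msix_entries_nr is now dropped entirely instead of only skipping the mask update. The commit message mentions only the msix_handle_mask_update call; if discarding the store is intended (the comment's reference to the read-only PBA suggests it is), say so in the message and reword the comment to state the rule directly, for example "Ignore writes past the last table entry, such as the read-only PBA". If the store to msix_table_page is still wanted for those offsets, guard only the msix_handle_mask_update call instead of returning before pci_set_long.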
--
1.7.5.53.gc233e