[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 1/5] virtio-pci: ignore unaligned read/write in
|
From: |
Michael S. Tsirkin |
|
Subject: |
Re: [Qemu-devel] [PATCH 1/5] virtio-pci: ignore unaligned read/write in virtio_address_space_read()/write() |
|
Date: |
Mon, 13 Jul 2015 10:36:34 +0300 |
On Mon, Jul 13, 2015 at 01:46:47PM +0800, Jason Wang wrote:
> We abort on unaligned read/write in
> virtio_address_space_read()/write() but since len in under control of
> guest so qemu will simply crash when booting a modern guest (guest is
> try to read when len is zero).
> read.
How can len be 0? Isn't this a guest bug? Or is this
a theoretical issue?
> Fix this by ignoring unaligned write or
>
> Fixes 1e40356ce5f6ccfa0bb57104a533c62952c560ce
> ("virtio fix cfg endian-ness for BE targets")
> Signed-off-by: Jason Wang <address@hidden>
I guess since we ignore some illegal values (e.g. > 4)
we should just whitelist the legal ones.
So the following looks like a slightly cleaner way to
make this change.
--->
virtio-pci: don't crash on illegal length
Some guests seem to access cfg with an illegal length value.
It's worth fixing them but debugging is easier if
qemu does not crash.
Signed-off-by: Michael S. Tsirkin <address@hidden>
diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index 6ca0258..c5e8cc0 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -546,7 +546,8 @@ static void virtio_write_config(PCIDevice *pci_dev,
uint32_t address,
off = le32_to_cpu(cfg->cap.offset);
len = le32_to_cpu(cfg->cap.length);
- if (len <= sizeof cfg->pci_cfg_data) {
+ if (len == 1 || len == 2 || len == 4) {
+ assert(len <= sizeof cfg->pci_cfg_data);
virtio_address_space_write(&proxy->modern_as, off,
cfg->pci_cfg_data, len);
}
@@ -570,7 +571,8 @@ static uint32_t virtio_read_config(PCIDevice *pci_dev,
off = le32_to_cpu(cfg->cap.offset);
len = le32_to_cpu(cfg->cap.length);
- if (len <= sizeof cfg->pci_cfg_data) {
+ if (len == 1 || len == 2 || len == 4) {
+ assert(len <= sizeof cfg->pci_cfg_data);
virtio_address_space_read(&proxy->modern_as, off,
cfg->pci_cfg_data, len);
}
- Re: [Qemu-devel] [PATCH 4/5] Revert "virtio-net: enable virtio 1.0", (continued)
Re: [Qemu-devel] [PATCH 1/5] virtio-pci: ignore unaligned read/write in virtio_address_space_read()/write(),
Michael S. Tsirkin <=
Re: [Qemu-devel] [PATCH 1/5] virtio-pci: ignore unaligned read/write in virtio_address_space_read()/write(), Jason Wang, 2015/07/13