[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v2 08/13] pci: Fix silent truncation of pcie_aer_inject_error arg
From: |
Markus Armbruster |
Subject: |
[PATCH v2 08/13] pci: Fix silent truncation of pcie_aer_inject_error argument |
Date: |
Thu, 1 Dec 2022 13:11:28 +0100 |
PCI AER error status is 32 bit. The HMP command supports both
symbolic and numeric error status: anything that isn't a known
symbolic value is parsed as number with strtol(). Issues:
* Empty argument yields value zero.
* Range errors from strtol() are ignored, value is UINT32_MAX.
* Values not representable in uint32_t are silently truncated.
Fix to reject such input by switching to strtoui().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
---
hw/pci/pcie_aer.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/hw/pci/pcie_aer.c b/hw/pci/pcie_aer.c
index eff62f3945..58d20816d6 100644
--- a/hw/pci/pcie_aer.c
+++ b/hw/pci/pcie_aer.c
@@ -30,6 +30,7 @@
#include "hw/pci/pci_bus.h"
#include "hw/pci/pcie_regs.h"
#include "qapi/error.h"
+#include "qemu/cutils.h"
//#define DEBUG_PCIE
#ifdef DEBUG_PCIE
@@ -963,6 +964,7 @@ static int do_pcie_aer_inject_error(Monitor *mon,
const char *id = qdict_get_str(qdict, "id");
const char *error_name;
uint32_t error_status;
+ unsigned int num;
bool correctable;
PCIDevice *dev;
PCIEAERErr err;
@@ -983,14 +985,13 @@ static int do_pcie_aer_inject_error(Monitor *mon,
error_name = qdict_get_str(qdict, "error_status");
if (pcie_aer_parse_error_string(error_name, &error_status, &correctable)) {
- char *e = NULL;
- error_status = strtoul(error_name, &e, 0);
- correctable = qdict_get_try_bool(qdict, "correctable", false);
- if (!e || *e != '\0') {
+ if (qemu_strtoui(error_name, NULL, 0, &num) < 0) {
monitor_printf(mon, "invalid error status value. \"%s\"",
error_name);
return -EINVAL;
}
+ error_status = num;
+ correctable = qdict_get_try_bool(qdict, "correctable", false);
}
err.status = error_status;
err.source_id = pci_requester_id(dev);
--
2.37.3
- [PATCH v2 00/13] pci: Move and clean up monitor command code, Markus Armbruster, 2022/12/01
- [PATCH v2 04/13] pci: Make query-pci stub consistent with the real one, Markus Armbruster, 2022/12/01
- [PATCH v2 02/13] pci: Move QMP commands to new hw/pci/pci-qmp-cmds.c, Markus Armbruster, 2022/12/01
- [PATCH v2 05/13] pci: Build hw/pci/pci-hmp-cmds.c only when CONFIG_PCI, Markus Armbruster, 2022/12/01
- [PATCH v2 08/13] pci: Fix silent truncation of pcie_aer_inject_error argument,
Markus Armbruster <=
- [PATCH v2 06/13] pci: Deduplicate get_class_desc(), Markus Armbruster, 2022/12/01
- [PATCH v2 10/13] pci: Inline do_pcie_aer_inject_error() into its only caller, Markus Armbruster, 2022/12/01
- [PATCH v2 07/13] pci: Move pcibus_dev_print() to pci-hmp-cmds.c, Markus Armbruster, 2022/12/01
- [PATCH v2 11/13] pci: Rename hmp_pcie_aer_inject_error()'s local variable @err, Markus Armbruster, 2022/12/01
- [PATCH v2 09/13] pci: Move HMP command from hw/pci/pcie_aer.c to pci-hmp-cmds.c, Markus Armbruster, 2022/12/01
- [PATCH v2 13/13] pci: Reject pcie_aer_inject_error -c with symbolic error status, Markus Armbruster, 2022/12/01
- [PATCH v2 03/13] pci: Move HMP commands from monitor/ to new hw/pci/pci-hmp-cmds.c, Markus Armbruster, 2022/12/01
- [PATCH v2 01/13] pci: Clean up a few things checkpatch.pl would flag later on, Markus Armbruster, 2022/12/01
- [PATCH v2 12/13] pci: Improve do_pcie_aer_inject_error()'s error messages, Markus Armbruster, 2022/12/01