* [PATCH-for-5.2 0/2] hw/core/sysbus: Trivial cleanup patches
@ 2020-08-06 13:09 Philippe Mathieu-Daudé
2020-08-06 13:09 ` [PATCH-for-5.2 1/2] hw/core/sysbus: Fix a typo Philippe Mathieu-Daudé
` (2 more replies)
0 siblings, 3 replies; 8+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-08-06 13:09 UTC (permalink / raw)
To: qemu-devel
Cc: Daniel P. Berrangé,
Eduardo Habkost, qemu-trivial, Michael Tokarev, Laurent Vivier,
Philippe Mathieu-Daudé,
Paolo Bonzini
Fix a typo and assert sysbus_mmio_get_region() is called
with correct index.
Philippe Mathieu-Daudé (2):
hw/core/sysbus: Fix a typo
hw/core/sysbus: Assert memory region index is in range
hw/core/sysbus.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--
2.21.3
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH-for-5.2 1/2] hw/core/sysbus: Fix a typo
2020-08-06 13:09 [PATCH-for-5.2 0/2] hw/core/sysbus: Trivial cleanup patches Philippe Mathieu-Daudé
@ 2020-08-06 13:09 ` Philippe Mathieu-Daudé
2020-08-12 17:47 ` Richard Henderson
2020-09-01 7:27 ` Laurent Vivier
2020-08-06 13:09 ` [PATCH-for-5.2 2/2] hw/core/sysbus: Assert memory region index is in range Philippe Mathieu-Daudé
2020-08-22 20:01 ` [PATCH-for-5.2 0/2] hw/core/sysbus: Trivial cleanup patches Philippe Mathieu-Daudé
2 siblings, 2 replies; 8+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-08-06 13:09 UTC (permalink / raw)
To: qemu-devel
Cc: Daniel P. Berrangé,
Eduardo Habkost, qemu-trivial, Michael Tokarev, Laurent Vivier,
Philippe Mathieu-Daudé,
Paolo Bonzini
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
---
hw/core/sysbus.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/core/sysbus.c b/hw/core/sysbus.c
index 70239b7e7d..77ab351ce1 100644
--- a/hw/core/sysbus.c
+++ b/hw/core/sysbus.c
@@ -64,7 +64,7 @@ void foreach_dynamic_sysbus_device(FindSysbusDeviceFunc *func, void *opaque)
.opaque = opaque,
};
- /* Loop through all sysbus devices that were spawened outside the machine */
+ /* Loop through all sysbus devices that were spawned outside the machine */
container = container_get(qdev_get_machine(), "/peripheral");
find_sysbus_device(container, &find);
container = container_get(qdev_get_machine(), "/peripheral-anon");
--
2.21.3
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH-for-5.2 2/2] hw/core/sysbus: Assert memory region index is in range
2020-08-06 13:09 [PATCH-for-5.2 0/2] hw/core/sysbus: Trivial cleanup patches Philippe Mathieu-Daudé
2020-08-06 13:09 ` [PATCH-for-5.2 1/2] hw/core/sysbus: Fix a typo Philippe Mathieu-Daudé
@ 2020-08-06 13:09 ` Philippe Mathieu-Daudé
2020-08-12 17:48 ` Richard Henderson
2020-09-01 7:28 ` Laurent Vivier
2020-08-22 20:01 ` [PATCH-for-5.2 0/2] hw/core/sysbus: Trivial cleanup patches Philippe Mathieu-Daudé
2 siblings, 2 replies; 8+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-08-06 13:09 UTC (permalink / raw)
To: qemu-devel
Cc: Daniel P. Berrangé,
Eduardo Habkost, qemu-trivial, Michael Tokarev, Laurent Vivier,
Philippe Mathieu-Daudé,
Paolo Bonzini
Devices incorrectly modelled might use invalid index while
calling sysbus_mmio_get_region(), leading to OOB access.
Help developers by asserting the index is in range.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
---
hw/core/sysbus.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/core/sysbus.c b/hw/core/sysbus.c
index 77ab351ce1..294f90b7de 100644
--- a/hw/core/sysbus.c
+++ b/hw/core/sysbus.c
@@ -199,6 +199,7 @@ void sysbus_init_mmio(SysBusDevice *dev, MemoryRegion *memory)
MemoryRegion *sysbus_mmio_get_region(SysBusDevice *dev, int n)
{
+ assert(n >= 0 && n < QDEV_MAX_MMIO);
return dev->mmio[n].memory;
}
--
2.21.3
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH-for-5.2 1/2] hw/core/sysbus: Fix a typo
2020-08-06 13:09 ` [PATCH-for-5.2 1/2] hw/core/sysbus: Fix a typo Philippe Mathieu-Daudé
@ 2020-08-12 17:47 ` Richard Henderson
2020-09-01 7:27 ` Laurent Vivier
1 sibling, 0 replies; 8+ messages in thread
From: Richard Henderson @ 2020-08-12 17:47 UTC (permalink / raw)
To: Philippe Mathieu-Daudé, qemu-devel
Cc: Daniel P. Berrangé,
Eduardo Habkost, qemu-trivial, Michael Tokarev, Laurent Vivier,
Paolo Bonzini
On 8/6/20 6:09 AM, Philippe Mathieu-Daudé wrote:
> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> ---
> hw/core/sysbus.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH-for-5.2 2/2] hw/core/sysbus: Assert memory region index is in range
2020-08-06 13:09 ` [PATCH-for-5.2 2/2] hw/core/sysbus: Assert memory region index is in range Philippe Mathieu-Daudé
@ 2020-08-12 17:48 ` Richard Henderson
2020-09-01 7:28 ` Laurent Vivier
1 sibling, 0 replies; 8+ messages in thread
From: Richard Henderson @ 2020-08-12 17:48 UTC (permalink / raw)
To: Philippe Mathieu-Daudé, qemu-devel
Cc: Daniel P. Berrangé,
Eduardo Habkost, qemu-trivial, Michael Tokarev, Laurent Vivier,
Paolo Bonzini
On 8/6/20 6:09 AM, Philippe Mathieu-Daudé wrote:
> Devices incorrectly modelled might use invalid index while
> calling sysbus_mmio_get_region(), leading to OOB access.
> Help developers by asserting the index is in range.
>
> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> ---
> hw/core/sysbus.c | 1 +
> 1 file changed, 1 insertion(+)
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
r~
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH-for-5.2 0/2] hw/core/sysbus: Trivial cleanup patches
2020-08-06 13:09 [PATCH-for-5.2 0/2] hw/core/sysbus: Trivial cleanup patches Philippe Mathieu-Daudé
2020-08-06 13:09 ` [PATCH-for-5.2 1/2] hw/core/sysbus: Fix a typo Philippe Mathieu-Daudé
2020-08-06 13:09 ` [PATCH-for-5.2 2/2] hw/core/sysbus: Assert memory region index is in range Philippe Mathieu-Daudé
@ 2020-08-22 20:01 ` Philippe Mathieu-Daudé
2 siblings, 0 replies; 8+ messages in thread
From: Philippe Mathieu-Daudé @ 2020-08-22 20:01 UTC (permalink / raw)
To: qemu-devel
Cc: Daniel P. Berrangé,
Eduardo Habkost, qemu-trivial, Michael Tokarev, Laurent Vivier,
Paolo Bonzini
On 8/6/20 3:09 PM, Philippe Mathieu-Daudé wrote:
> Fix a typo and assert sysbus_mmio_get_region() is called
> with correct index.
>
> Philippe Mathieu-Daudé (2):
> hw/core/sysbus: Fix a typo
> hw/core/sysbus: Assert memory region index is in range
>
> hw/core/sysbus.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
ping?
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH-for-5.2 1/2] hw/core/sysbus: Fix a typo
2020-08-06 13:09 ` [PATCH-for-5.2 1/2] hw/core/sysbus: Fix a typo Philippe Mathieu-Daudé
2020-08-12 17:47 ` Richard Henderson
@ 2020-09-01 7:27 ` Laurent Vivier
1 sibling, 0 replies; 8+ messages in thread
From: Laurent Vivier @ 2020-09-01 7:27 UTC (permalink / raw)
To: Philippe Mathieu-Daudé, qemu-devel
Cc: qemu-trivial, Michael Tokarev, Daniel P. Berrangé,
Eduardo Habkost, Paolo Bonzini
Le 06/08/2020 à 15:09, Philippe Mathieu-Daudé a écrit :
> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> ---
> hw/core/sysbus.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/core/sysbus.c b/hw/core/sysbus.c
> index 70239b7e7d..77ab351ce1 100644
> --- a/hw/core/sysbus.c
> +++ b/hw/core/sysbus.c
> @@ -64,7 +64,7 @@ void foreach_dynamic_sysbus_device(FindSysbusDeviceFunc *func, void *opaque)
> .opaque = opaque,
> };
>
> - /* Loop through all sysbus devices that were spawened outside the machine */
> + /* Loop through all sysbus devices that were spawned outside the machine */
> container = container_get(qdev_get_machine(), "/peripheral");
> find_sysbus_device(container, &find);
> container = container_get(qdev_get_machine(), "/peripheral-anon");
>
Applied to my trivial-patches branch.
Thanks,
Laurent
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH-for-5.2 2/2] hw/core/sysbus: Assert memory region index is in range
2020-08-06 13:09 ` [PATCH-for-5.2 2/2] hw/core/sysbus: Assert memory region index is in range Philippe Mathieu-Daudé
2020-08-12 17:48 ` Richard Henderson
@ 2020-09-01 7:28 ` Laurent Vivier
1 sibling, 0 replies; 8+ messages in thread
From: Laurent Vivier @ 2020-09-01 7:28 UTC (permalink / raw)
To: Philippe Mathieu-Daudé, qemu-devel
Cc: qemu-trivial, Michael Tokarev, Daniel P. Berrangé,
Eduardo Habkost, Paolo Bonzini
Le 06/08/2020 à 15:09, Philippe Mathieu-Daudé a écrit :
> Devices incorrectly modelled might use invalid index while
> calling sysbus_mmio_get_region(), leading to OOB access.
> Help developers by asserting the index is in range.
>
> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> ---
> hw/core/sysbus.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/hw/core/sysbus.c b/hw/core/sysbus.c
> index 77ab351ce1..294f90b7de 100644
> --- a/hw/core/sysbus.c
> +++ b/hw/core/sysbus.c
> @@ -199,6 +199,7 @@ void sysbus_init_mmio(SysBusDevice *dev, MemoryRegion *memory)
>
> MemoryRegion *sysbus_mmio_get_region(SysBusDevice *dev, int n)
> {
> + assert(n >= 0 && n < QDEV_MAX_MMIO);
> return dev->mmio[n].memory;
> }
>
>
Applied to my trivial-patches branch.
Thanks,
Laurent
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2020-09-01 7:31 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-08-06 13:09 [PATCH-for-5.2 0/2] hw/core/sysbus: Trivial cleanup patches Philippe Mathieu-Daudé
2020-08-06 13:09 ` [PATCH-for-5.2 1/2] hw/core/sysbus: Fix a typo Philippe Mathieu-Daudé
2020-08-12 17:47 ` Richard Henderson
2020-09-01 7:27 ` Laurent Vivier
2020-08-06 13:09 ` [PATCH-for-5.2 2/2] hw/core/sysbus: Assert memory region index is in range Philippe Mathieu-Daudé
2020-08-12 17:48 ` Richard Henderson
2020-09-01 7:28 ` Laurent Vivier
2020-08-22 20:01 ` [PATCH-for-5.2 0/2] hw/core/sysbus: Trivial cleanup patches Philippe Mathieu-Daudé
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.