[PATCH v2] hw: misc: edu: fix 2 off-by-one errors
From: Christopher Friedt @ 2022-01-09  4:05 UTC
  To: qemu-devel; +Cc: qemu-trivial, Christopher Friedt

In the case that size1 was zero, because of the explicit
'end1 > addr' check, the range check would fail and the error
message would read as shown below. The correct comparison
is 'end1 >= addr' (or 'addr <= end1').

EDU: DMA range 0x40000-0x3ffff out of bounds (0x40000-0x3ffff)!

At the opposite end, in the case that size1 was 4096, within()
would fail because of the non-inclusive check 'end1 < end2',
which should have been 'end1 <= end2'. The error message would
previously say

EDU: DMA range 0x40000-0x40fff out of bounds (0x40000-0x40fff)!

The solution is to use non-inclusive ranges e.g. [begin,end).

Signed-off-by: Christopher Friedt <chrisfriedt@gmail.com>
---
 hw/misc/edu.c | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/hw/misc/edu.c b/hw/misc/edu.c
index e935c418d4..73e97a54e7 100644
--- a/hw/misc/edu.c
+++ b/hw/misc/edu.c
@@ -103,25 +103,21 @@ static void edu_lower_irq(EduState *edu, uint32_t val)
     }
 }
 
-static bool within(uint64_t addr, uint64_t start, uint64_t end)
-{
-    return start <= addr && addr < end;
-}
-
 static void edu_check_range(uint64_t addr, uint64_t size1, uint64_t start,
                 uint64_t size2)
 {
     uint64_t end1 = addr + size1;
     uint64_t end2 = start + size2;
 
-    if (within(addr, start, end2) &&
-            end1 > addr && within(end1, start, end2)) {
+    if (start <= addr && addr < end2 &&
+        addr <= end1 &&
+        start <= end1 && end1 <= end2) {
         return;
     }
 
-    hw_error("EDU: DMA range 0x%016"PRIx64"-0x%016"PRIx64
-             " out of bounds (0x%016"PRIx64"-0x%016"PRIx64")!",
-            addr, end1 - 1, start, end2 - 1);
+    hw_error("EDU: DMA range [0x%016"PRIx64", 0x%016"PRIx64")"
+             " out of bounds [0x%016"PRIx64", 0x%016"PRIx64")!",
+            addr, end1, start, end2);
 }
 
 static dma_addr_t edu_clamp_addr(const EduState *edu, dma_addr_t addr)
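
Review bot: In the new condition in edu_check_range(), 'start <= end1' is implied by 'start <= addr' together with 'addr <= end1', so it can be dropped. The 'addr <= end1' term is the only thing that rejects a wrapped 'addr + size1'; a one-line comment saying so would keep it from being removed later as redundant. 'end2 = start + size2' has no equivalent wrap check in this function, so either add one or document that callers must pass a start/size2 pair that cannot wrap. Two behaviour changes are also worth stating in the commit message: a zero-length transfer at an in-window address is now accepted, and 'addr == end2' with 'size1 == 0' is still rejected by 'addr < end2'.
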
-- 
2.30.1 (Apple Git-130)
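
Added example (not part of the patch or of QEMU): the pre-patch and post-patch conditions from edu_check_range(), rewritten here to return bool instead of calling hw_error(), run over constructed boundary cases. The window 0x40000 + 4096 is an assumption inferred from the error messages quoted in the commit message.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Window inferred from the quoted error messages: 0x40000..0x40fff. */
#define DMA_START 0x40000ull
#define DMA_SIZE  4096ull

/* Pre-patch test, returning bool instead of calling hw_error(). */
static bool range_ok_old(uint64_t addr, uint64_t size1,
                         uint64_t start, uint64_t size2)
{
    uint64_t end1 = addr + size1, end2 = start + size2;

    return start <= addr && addr < end2 &&      /* within(addr, ...) */
           end1 > addr &&                       /* rejects size1 == 0 */
           start <= end1 && end1 < end2;        /* within(end1, ...) */
}

/* Post-patch test: [addr, end1) must lie inside [start, end2). */
static bool range_ok_new(uint64_t addr, uint64_t size1,
                         uint64_t start, uint64_t size2)
{
    uint64_t end1 = addr + size1, end2 = start + size2;

    return start <= addr && addr < end2 &&
           addr <= end1 &&                      /* false if addr + size1 wrapped */
           start <= end1 && end1 <= end2;
}

int main(void)
{
    /* Constructed boundary cases, not taken from QEMU's test suite. */
    static const struct { uint64_t addr, size; const char *what; } c[] = {
        { DMA_START,         0,            "empty transfer at start" },
        { DMA_START,         DMA_SIZE,     "whole window" },
        { DMA_START + 4095,  1,            "last byte" },
        { DMA_START,         DMA_SIZE + 1, "one byte too long" },
        { DMA_START - 1,     1,            "one byte too early" },
        { DMA_START + 0x800, UINT64_MAX,   "addr + size wraps" },
    };

    for (size_t i = 0; i < sizeof(c) / sizeof(c[0]); i++) {
        printf("%-24s old=%d new=%d\n", c[i].what,
               range_ok_old(c[i].addr, c[i].size, DMA_START, DMA_SIZE),
               range_ok_new(c[i].addr, c[i].size, DMA_START, DMA_SIZE));
    }
    return 0;
}
```

The first three cases are in-bounds transfers that the old condition rejects and the new one accepts; the last three stay rejected by both.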


