From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 13F5CC433F5 for ; Sun, 20 Mar 2022 11:43:46 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 1EEE083AC6; Sun, 20 Mar 2022 12:43:29 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=google.com header.i=@google.com header.b="DJSrRyhA"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id C911083AC6; Sun, 20 Mar 2022 12:41:54 +0100 (CET) Received: from mail-wm1-x349.google.com (mail-wm1-x349.google.com [IPv6:2a00:1450:4864:20::349]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 37855838F0 for ; Sun, 20 Mar 2022 12:41:52 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=3_xI3YgYKBho0I2KBB6EE6B4.2ECK-1EEJB8IJI.34DN.34@flex--ascull.bounces.google.com Received: by mail-wm1-x349.google.com with SMTP id n62-20020a1ca441000000b0038124c99ebcso4514910wme.9 for ; Sun, 20 Mar 2022 04:41:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=3FewayXrT3tCEwl48erfkRLcwG8pgcsbeAEGYV5w7JY=; b=DJSrRyhAhhrJTFijor9sbNOxjVMU3CN4pF6cvMOJq6fOjFGxEhDZY2ric8w2qAyZSH kELcXdWlXYyfw7QX7FzaqKdqB/E1yZL2cSDVAenKVksSYKJWlBh37Oq2pzj9O49kkak1 BnfZYS5yDP+9utPLxXFHo5FoioxUqWgYZ76EQqZUU77R3ycWyC6uFSfgFgA4/J3ygLqc Dcs2on5Y7t06P71GcKWFP0DR/IjxTLOHrKDGfTB53QcJx8qu1oJlK9lMDX781KcAM6FM yFFk58Z6hVel9WLBUkfQXOjTrbnXUs7EFBQepfaPtGfr1X2JxusVS7oaCKhOYERox2lr JW9Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=3FewayXrT3tCEwl48erfkRLcwG8pgcsbeAEGYV5w7JY=; b=EEvSfbyTjwbRCDqkx1KEbEpKcbqpSvjHatG1EfPMojeFBtJMaSmq6lIXd5GadBwP67 ydPAFkqgSiZjuvznNieHPK1m/+hujl7EoRBRNNRQL6BOAPR8EKWBD40NwZdkXKvQLZKb f8SeHB3xWnTFuMfBKS/1CZnSGEpEI+42CrgAMHx/ZLRbkddwViq8Rrfnqr/TtfCdSa3E FW6iv3SzIKMSKmbcCCBjTZbIIqwc32BBF5aT2DPsc+8iC1Wf2GRZToG8XdesToONRSFS u2FGXKPrNU6pb39x36RijdpnSjjqyUFrOpnbd0BiI6U5Z5G0VZa0KQFpYcDJ9HKjZRqs R13w== X-Gm-Message-State: AOAM531wbO/sNiOv9O3i0SUq5jldvNwaGtY+aJmMJQx30R49M5/whU4R +CXCK641EE+fd7oRKkg5Je1QPw6bKlN0G2py4xuXmrDbAW7J5YEdpNqkNPXrLsN9PNzaR5NPDTD tIaTML2uBrP+FVOS0frNxmB03pSv3U+d53f/EYNasu6sLdb8gk3aZUltKraQ= X-Google-Smtp-Source: ABdhPJz78CXnIKPlMy7Nq925N8u+UBI+xpfvKw2LgP+iV6ZxXObecowi9fbjBO2oWurgxcdYWctECfM77jg= X-Received: from ascull.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:1510]) (user=ascull job=sendgmr) by 2002:a5d:5504:0:b0:203:e3be:518b with SMTP id b4-20020a5d5504000000b00203e3be518bmr14760250wrv.462.1647776511801; Sun, 20 Mar 2022 04:41:51 -0700 (PDT) Date: Sun, 20 Mar 2022 11:41:09 +0000 In-Reply-To: <20220320114118.2237795-1-ascull@google.com> Message-Id: <20220320114118.2237795-3-ascull@google.com> Mime-Version: 1.0 References: <20220320114118.2237795-1-ascull@google.com> X-Mailer: git-send-email 2.35.1.894.gb6a874cedc-goog Subject: [PATCH 02/11] virtio: pci: Bounds check device config access From: Andrew Scull To: u-boot@lists.denx.de Cc: sjg@chromium.org, bmeng.cn@gmail.com, adelva@google.com, keirf@google.com, ptosi@google.com, Andrew Scull Content-Type: text/plain; charset="UTF-8" X-Mailman-Approved-At: Sun, 20 Mar 2022 12:43:23 +0100 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean The device config is optional, so check it was present and mapped before trying to use the pointer. Bounds violations are an error, not just a warning, so bail if the checks fail. Signed-off-by: Andrew Scull --- drivers/virtio/virtio_pci_modern.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/drivers/virtio/virtio_pci_modern.c b/drivers/virtio/virtio_pci_modern.c index 55d25cb81b..bcf9f18997 100644 --- a/drivers/virtio/virtio_pci_modern.c +++ b/drivers/virtio/virtio_pci_modern.c @@ -114,7 +114,11 @@ static int virtio_pci_get_config(struct udevice *udev, unsigned int offset, __le16 w; __le32 l; - WARN_ON(offset + len > priv->device_len); + if (!priv->device) + return -ENOSYS; + + if (offset + len > priv->device_len) + return -EINVAL; switch (len) { case 1: @@ -136,7 +140,7 @@ static int virtio_pci_get_config(struct udevice *udev, unsigned int offset, memcpy(buf + sizeof(l), &l, sizeof(l)); break; default: - WARN_ON(true); + return -EINVAL; } return 0; @@ -150,7 +154,11 @@ static int virtio_pci_set_config(struct udevice *udev, unsigned int offset, __le16 w; __le32 l; - WARN_ON(offset + len > priv->device_len); + if (!priv->device) + return -ENOSYS; + + if (offset + len > priv->device_len) + return -EINVAL; switch (len) { case 1: @@ -172,7 +180,7 @@ static int virtio_pci_set_config(struct udevice *udev, unsigned int offset, iowrite32(le32_to_cpu(l), priv->device + offset + sizeof(l)); break; default: - WARN_ON(true); + return -EINVAL; } return 0; -- 2.35.1.894.gb6a874cedc-goog