From: Paolo Bonzini <pbonzini@redhat.com>
To: "Laszlo Ersek" <lersek@redhat.com>,
"Philippe Mathieu-Daudé" <philmd@redhat.com>,
qemu-devel@nongnu.org, "Haibin Zhang" <haibinzhang@tencent.com>,
"David Edmondson" <david.edmondson@oracle.com>
Cc: mst@redhat.com, Markus Armbruster <armbru@redhat.com>,
dgilbert@redhat.com
Subject: Re: [PATCH] pci: add romsize property
Date: Fri, 22 Jan 2021 15:54:56 +0100 [thread overview]
Message-ID: <9edf5fb6-b888-d731-3d25-df003c55109b@redhat.com> (raw)
In-Reply-To: <1c506da5-26bc-9821-5096-16bc1458c342@redhat.com>
On 19/01/21 18:20, Laszlo Ersek wrote:
> I only have superficial comments:
>
> - if we're talking uint32_t, I'd kind of prefer UINT32_MAX to (-1),
> style-wise -- but feel free to ignore
>
> - we should print a uint32_t with ("%" PRIu32), not "%d" (again, only
> pedantry, but PRIu32 is widely used in qemu, AFAICS)
I would use %u, but yeah you're correct.
> - OK, so get_image_size() returns an int64_t, which pci_add_option_rom()
> assigns to an "int" without any range checking.
This is pre-existing, but it should be fixed indeed.
> Then we compare that int
> against the new uint32_t property... or else, on the other branch, we
> assign pow2ceil() -- a uint64_t -- to the new (uint32_t) property.
>
> - In pci_assign_dev_load_option_rom(), "st.st_size" (which is an off_t)
> is assigned to the new property...
>
>
> I find it hard to reason about whether this is safe. I'd suggest first
> cleaning up "int size" in pci_add_option_rom() -- use an int64_t, and
> maybe check it explicitly against some 32-bit limit? --, then introduce
> the new property as uint64_t. (Print it with PRIu64 then, I guess.)
ROM BARs cannot be 64-bit in size. There's just no room in
configuration space for that. Anyway yes pci_add_option_rom() is iffy
and I'll send v2.
Paolo
> BTW there's another aspect of is_power_of_2(): it catches the zero
> value. If the power-of-two check is dropped, I wonder if a zero property
> value could cause a mess, so it might be prudent to catch that
> explicitly. (Precedent: see the (size == 0) check in pci_add_option_rom().)
>
> Anyway, feel free to ignore all of my points; I just find it hard to
> reason about the "logic" when the code is not obviously overflow-free in
> the first place. (I'm not implying there are overflows; the code may be
> free of overflows -- it's just not*obviously* so, to me anyway.)
next prev parent reply other threads:[~2021-01-22 14:56 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-18 18:27 [PATCH] pci: add romsize property Paolo Bonzini
2020-12-18 18:54 ` Dr. David Alan Gilbert
2021-01-19 16:31 ` Peter Xu
2021-01-19 16:51 ` Philippe Mathieu-Daudé
2021-01-19 17:10 ` Paolo Bonzini
2021-01-19 17:19 ` Philippe Mathieu-Daudé
2021-01-19 17:20 ` Laszlo Ersek
2021-01-22 14:54 ` Paolo Bonzini [this message]
2021-01-20 10:14 ` David Edmondson
2021-01-22 14:30 ` Michael S. Tsirkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9edf5fb6-b888-d731-3d25-df003c55109b@redhat.com \
--to=pbonzini@redhat.com \
--cc=armbru@redhat.com \
--cc=david.edmondson@oracle.com \
--cc=dgilbert@redhat.com \
--cc=haibinzhang@tencent.com \
--cc=lersek@redhat.com \
--cc=mst@redhat.com \
--cc=philmd@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.