From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <u-boot-bounces@lists.denx.de>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id 9CFD8C433F5
	for <u-boot@archiver.kernel.org>; Fri, 25 Mar 2022 07:14:50 +0000 (UTC)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id 11C318416A;
	Fri, 25 Mar 2022 08:14:39 +0100 (CET)
Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="Lvkivfio";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id 753B08415F; Fri, 25 Mar 2022 08:14:33 +0100 (CET)
Received: from mail-yw1-x112b.google.com (mail-yw1-x112b.google.com
 [IPv6:2607:f8b0:4864:20::112b])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 2AB068416A
 for <u-boot@lists.denx.de>; Fri, 25 Mar 2022 08:14:29 +0100 (CET)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=bmeng.cn@gmail.com
Received: by mail-yw1-x112b.google.com with SMTP id
 00721157ae682-2e68c95e0f9so74189677b3.0
 for <u-boot@lists.denx.de>; Fri, 25 Mar 2022 00:14:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=74jYmxgYVstc7tqcszgg/DmL3A7Pq+ZJaLtxz1Noqbs=;
 b=LvkivfioEdA/VV/RAB5svd3LXGAxhT73hpl6bETAEr0kZd4mzc9WPqRHOuvvbyC/AD
 Uuj5WQaHSygOQGkLi19DHS/IbzY4XWZl0mBsyok4l/xUnnLl06DDGdBAKZtg/neC0XBq
 FGjsUOTIP/p7TnN0rQZ5xRa2Ix32cz62Gqm/kgD8okX0Ik4bF1ftetWxGzqteS6DsM62
 J/z9LDCOZWYVk6dpBpu3F/7Z6mNw5A4RbuhUBXuZTrmbdSWdHjpNGCQa5jkb4P8I9mnu
 Zg7AyCUnvs6Mx4RAxg0j09q6Z2yX0dJ0dF+gq7kEaUfz8Cbj2b452GElC2q2NSa2T08M
 Fw9w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=74jYmxgYVstc7tqcszgg/DmL3A7Pq+ZJaLtxz1Noqbs=;
 b=Em3cONJwf5yp7AEJaWiIbQXHtQG2cb4zIuKpUeI8mNVEc1fgoDGObUeyF5x3t3jFHp
 EAD/XCaAM+wm3RYsQHjEImrPx8H5Sjh1BIpQu+qwFagV9lEZFUQCLBYIs+qwK4lpWrHV
 L85+dprsKpPlgAgXISuKbhZo1BZyjXo41wR7r/vV5y3w/1NLzBfP6SRfZ/aLbX2hKNAA
 B1lzNKIgxhGcXHThCA05W3dfYeBhiCXqMhCBTznmc+aUM1biejHVt/nPoxuuaGl5NOCS
 sck8LTDU1gst4RViiyohfGXQUazLVo1OAmM318Q7Xyi4PfklWJ1ozs/ePOJz1BiLjIkq
 aHVA==
X-Gm-Message-State: AOAM533EEzqE3iALxw1PoypQCcioLnWJel7lHWqaunsjWwvZ7EbR4Btm
 u54LDaLewTyT1OhOTr2HzgXxzLfsK1/un5OGtMI=
X-Google-Smtp-Source: ABdhPJwGEvJZryrZIHTFfvuqUW2rbXx6ihLucNPqhYy8GsSN/VoziTuFrEvnZVkdeA/QwVjf0jnCBMMgadwFE4h0FRE=
X-Received: by 2002:a81:ad7:0:b0:2e6:84de:3223 with SMTP id
 206-20020a810ad7000000b002e684de3223mr8801092ywk.209.1648192468062; Fri, 25
 Mar 2022 00:14:28 -0700 (PDT)
MIME-Version: 1.0
References: <20220320114118.2237795-1-ascull@google.com>
 <20220320114118.2237795-11-ascull@google.com>
In-Reply-To: <20220320114118.2237795-11-ascull@google.com>
From: Bin Meng <bmeng.cn@gmail.com>
Date: Fri, 25 Mar 2022 15:14:15 +0800
Message-ID: <CAEUhbmXmoetw0ggKSFLM0L5SkDSxfhNOyq8XuOF7jXbbvApR4g@mail.gmail.com>
Subject: Re: [PATCH 10/11] virtio: pci: Check mapped range is in a PCI region
To: Andrew Scull <ascull@google.com>
Cc: U-Boot Mailing List <u-boot@lists.denx.de>, Simon Glass <sjg@chromium.org>,
 Alistair Delva <adelva@google.com>, Keir Fraser <keirf@google.com>, 
 =?UTF-8?Q?Pierre=2DCl=C3=A9ment_Tosi?= <ptosi@google.com>
Content-Type: text/plain; charset="UTF-8"
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de
X-Virus-Status: Clean

On Sun, Mar 20, 2022 at 7:42 PM Andrew Scull <ascull@google.com> wrote:
>
> The virtio PCI capabilities describe a region of memory that should be
> mapped. Ensure those are valid PCI regions before accessing them.
>
> Signed-off-by: Andrew Scull <ascull@google.com>
> ---
>  drivers/virtio/virtio_pci_modern.c | 23 +++++++++++++++++++----
>  1 file changed, 19 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/virtio/virtio_pci_modern.c b/drivers/virtio/virtio_pci_modern.c
> index 2f1a1cedbc..84750e2b27 100644
> --- a/drivers/virtio/virtio_pci_modern.c
> +++ b/drivers/virtio/virtio_pci_modern.c
> @@ -457,8 +457,9 @@ static int virtio_pci_find_capability(struct udevice *udev, u8 cfg_type,
>  static void __iomem *virtio_pci_map_capability(struct udevice *udev,
>                                                const struct virtio_pci_cap *cap)
>  {
> -       ulong base;
> -       void __iomem *p;
> +       unsigned long mask, flags;
> +       phys_addr_t phys_addr;
> +       u32 base;
>
>         if (!cap)
>                 return NULL;
> @@ -470,9 +471,23 @@ static void __iomem *virtio_pci_map_capability(struct udevice *udev,
>          * For simplicity, only read the BAR address as 32-bit.
>          */
>         base = dm_pci_read_bar32(udev, cap->bar);
> -       p = (void __iomem *)base + cap->offset;
>
> -       return p;
> +       if (U32_MAX - base < cap->offset)
> +               return NULL;
> +       base += cap->offset;
> +
> +       if (U32_MAX - base < cap->length)
> +               return NULL;
> +
> +       /* Find the corresponding memory region that isn't system memory. */
> +       mask = PCI_REGION_TYPE | PCI_REGION_SYS_MEMORY;
> +       flags = PCI_REGION_MEM;
> +       phys_addr = dm_pci_bus_range_to_phys(dev_get_parent(udev), base,
> +                                            cap->length, mask, flags);
> +       if (!phys_addr)
> +               return NULL;
> +
> +       return (void __iomem *)map_physmem(phys_addr, cap->length, MAP_NOCACHE);

Could we use dm_pci_map_bar() instead?

I understand the way the current patch does is to add some sanity
checks against buggy virtio device implementations, but is it really
necessary, or can we move such check somewhere else, like in the
probe()?

>  }
>
>  static int virtio_pci_bind(struct udevice *udev)
> --

Regards,
Bin