* [Qemu-trivial] [PATCH v2 0/2] xen_pt: fix two Coverity defects
From: arei.gonglei @ 2015-02-10 7:51 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-trivial, Gonglei, peter.huangpeng, stefano.stabellini
From: Gonglei <arei.gonglei@huawei.com>
v2 -> v1:
- change the method of check in patch 2.(Stefano)
- add ACK of Stefano in patch 1.
Gonglei (2):
xen-pt: fix Negative array index read
xen-pt: fix Out-of-bounds read
hw/xen/xen_pt_config_init.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
--
1.7.12.4
* [Qemu-trivial] [PATCH v2 1/2] xen-pt: fix Negative array index read
From: arei.gonglei @ 2015-02-10 7:51 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-trivial, Gonglei, peter.huangpeng, stefano.stabellini
From: Gonglei <arei.gonglei@huawei.com>
Coverity spot:
Function xen_pt_bar_offset_to_index() may return a negative
number (-1) as the index, which is then used as an index into the array d->io_regions.
Let's directly and simply pass index as an argument to
xen_pt_bar_reg_parse().
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
---
hw/xen/xen_pt_config_init.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c
index de9a20f..710fe50 100644
--- a/hw/xen/xen_pt_config_init.c
+++ b/hw/xen/xen_pt_config_init.c
@@ -360,15 +360,13 @@ static uint64_t xen_pt_get_bar_size(PCIIORegion *r)
}
static XenPTBarFlag xen_pt_bar_reg_parse(XenPCIPassthroughState *s,
- XenPTRegInfo *reg)
+ int index)
{
PCIDevice *d = &s->dev;
XenPTRegion *region = NULL;
PCIIORegion *r;
- int index = 0;
/* check 64bit BAR */
- index = xen_pt_bar_offset_to_index(reg->offset);
if ((0 < index) && (index < PCI_ROM_SLOT)) {
int type = s->real_device.io_regions[index - 1].type;
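Review bot: with index now a parameter of xen_pt_bar_reg_parse(), nothing visible in the function rejects a negative value; the test (0 < index) && (index < PCI_ROM_SLOT) only gates the 64-bit BAR lookup at io_regions[index - 1]. The commit message says the value is also used to index d->io_regions, so the function now depends on every caller having validated it. Suggest a comment at the prototype stating that precondition, or a range assert on index as the first statement, so a future caller cannot reintroduce the negative index read.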
@@ -422,7 +420,7 @@ static int xen_pt_bar_reg_init(XenPCIPassthroughState *s, XenPTRegInfo *reg,
}
/* set BAR flag */
- s->bases[index].bar_flag = xen_pt_bar_reg_parse(s, reg);
+ s->bases[index].bar_flag = xen_pt_bar_reg_parse(s, index);
if (s->bases[index].bar_flag == XEN_PT_BAR_FLAG_UNUSED) {
reg_field = XEN_PT_INVALID_REG;
}
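Review bot: the fix only holds if index has been range-checked before the "set BAR flag" line, and that check is not visible in this hunk; s->bases[index] is indexed with the same value that is now handed to xen_pt_bar_reg_parse(). The commit message names -1 as a possible return of xen_pt_bar_offset_to_index(), so please state there that xen_pt_bar_reg_init() bails out on that case before reaching this assignment.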
--
1.7.12.4
* [Qemu-trivial] [PATCH v2 2/2] xen-pt: fix Out-of-bounds read
From: arei.gonglei @ 2015-02-10 7:51 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-trivial, Gonglei, peter.huangpeng, stefano.stabellini
From: Gonglei <arei.gonglei@huawei.com>
The array length of s->real_device.io_regions[] is
"PCI_NUM_REGIONS - 1".
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
---
hw/xen/xen_pt_config_init.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c
index 710fe50..d99c22e 100644
--- a/hw/xen/xen_pt_config_init.c
+++ b/hw/xen/xen_pt_config_init.c
@@ -438,7 +438,7 @@ static int xen_pt_bar_reg_read(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
/* get BAR index */
index = xen_pt_bar_offset_to_index(reg->offset);
- if (index < 0 || index >= PCI_NUM_REGIONS) {
+ if (index < 0 || index >= PCI_NUM_REGIONS - 1) {
XEN_PT_ERR(&s->dev, "Internal error: Invalid BAR index [%d].\n", index);
return -1;
}
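Review bot: the new bound in the index check hard-codes "PCI_NUM_REGIONS - 1", duplicating the array length that the commit message quotes for s->real_device.io_regions[]. If that declaration ever changes, the check silently goes stale. Suggest deriving the limit from the array itself, for example index >= ARRAY_SIZE(s->real_device.io_regions), or at least adding a comment next to the check naming the array it protects.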
--
1.7.12.4
* Re: [Qemu-trivial] [PATCH v2 2/2] xen-pt: fix Out-of-bounds read
From: Stefano Stabellini @ 2015-02-10 8:11 UTC (permalink / raw)
To: Gonglei; +Cc: qemu-trivial, stefano.stabellini, qemu-devel, peter.huangpeng
On Tue, 10 Feb 2015, arei.gonglei@huawei.com wrote:
> From: Gonglei <arei.gonglei@huawei.com>
>
> The array length of s->real_device.io_regions[] is
> "PCI_NUM_REGIONS - 1".
>
> Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
I am happy for these patches to go in via the qemu-trivial tree.
> hw/xen/xen_pt_config_init.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c
> index 710fe50..d99c22e 100644
> --- a/hw/xen/xen_pt_config_init.c
> +++ b/hw/xen/xen_pt_config_init.c
> @@ -438,7 +438,7 @@ static int xen_pt_bar_reg_read(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
>
> /* get BAR index */
> index = xen_pt_bar_offset_to_index(reg->offset);
> - if (index < 0 || index >= PCI_NUM_REGIONS) {
> + if (index < 0 || index >= PCI_NUM_REGIONS - 1) {
> XEN_PT_ERR(&s->dev, "Internal error: Invalid BAR index [%d].\n", index);
> return -1;
> }
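Review bot: the tightened condition now sends index == PCI_NUM_REGIONS - 1 down the error path (XEN_PT_ERR "Internal error" and return -1), a value the old check accepted. The commit message gives the array length but does not say whether any register routed to xen_pt_bar_reg_read() can map to that index; please confirm none does, otherwise reads that previously went past the end of the array will now fail instead, which is a behaviour change worth recording.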
> --
> 1.7.12.4
>
>
* Re: [Qemu-trivial] [PATCH v2 2/2] xen-pt: fix Out-of-bounds read
From: Gonglei @ 2015-02-10 8:21 UTC (permalink / raw)
To: Stefano Stabellini; +Cc: qemu-trivial, mjt, qemu-devel, peter.huangpeng
On 2015/2/10 16:11, Stefano Stabellini wrote:
> On Tue, 10 Feb 2015, arei.gonglei@huawei.com wrote:
>> From: Gonglei <arei.gonglei@huawei.com>
>>
>> The array length of s->real_device.io_regions[] is
>> "PCI_NUM_REGIONS - 1".
>>
>> Signed-off-by: Gonglei <arei.gonglei@huawei.com>
>
> Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
>
> I am happy for these patches to go in via the qemu-trivial tree.
>
Thanks. Let me cc /mjt.
Regards,
-Gonglei
>> hw/xen/xen_pt_config_init.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/hw/xen/xen_pt_config_init.c b/hw/xen/xen_pt_config_init.c
>> index 710fe50..d99c22e 100644
>> --- a/hw/xen/xen_pt_config_init.c
>> +++ b/hw/xen/xen_pt_config_init.c
>> @@ -438,7 +438,7 @@ static int xen_pt_bar_reg_read(XenPCIPassthroughState *s, XenPTReg *cfg_entry,
>>
>> /* get BAR index */
>> index = xen_pt_bar_offset_to_index(reg->offset);
>> - if (index < 0 || index >= PCI_NUM_REGIONS) {
>> + if (index < 0 || index >= PCI_NUM_REGIONS - 1) {
>> XEN_PT_ERR(&s->dev, "Internal error: Invalid BAR index [%d].\n", index);
>> return -1;
>> }
>> --
>> 1.7.12.4
>>
>>
* Re: [Qemu-trivial] [PATCH v2 0/2] xen_pt: fix two Coverity defects
From: Michael Tokarev @ 2015-02-10 18:57 UTC (permalink / raw)
To: arei.gonglei, qemu-devel, Stefano Stabellini
Cc: qemu-trivial, peter.huangpeng
Applied both to -trivial, with minor commit message wording
fix for 1/1.
Thanks,
/mjt