From: Cédric Le Goater
Message-ID: <56C2D9BD.70906@fr.ibm.com>
Date: Tue, 16 Feb 2016 09:11:41 +0100
In-Reply-To: <56C2D39D.8010005@redhat.com>
Subject: Re: [Qemu-devel] [PULL v2 22/45] ipmi: introduce a struct ipmi_sdr_compact
To: Paolo Bonzini, "Michael S. Tsirkin", qemu-devel@nongnu.org
Cc: Marcel Apfelbaum, Corey Minyard, Greg Kurz

On 02/16/2016 08:45 AM, Paolo Bonzini wrote:
>
> On 06/02/2016 20:13, Michael S. Tsirkin wrote:
>>
>> - if (sdr[7] > MAX_SENSORS) {
>> + if (sdr->sensor_owner_number > MAX_SENSORS) {
>
> This is another off-by-one, it should have been >=. Same for all these
> occurrences later in the same file:
>
> hw/ipmi/ipmi_bmc_sim.c: if ((cmd[2] > MAX_SENSORS) ||
> hw/ipmi/ipmi_bmc_sim.c: if ((cmd[2] > MAX_SENSORS) ||
> hw/ipmi/ipmi_bmc_sim.c: if ((cmd[2] > MAX_SENSORS) ||
> hw/ipmi/ipmi_bmc_sim.c: if ((cmd[2] > MAX_SENSORS) ||
> hw/ipmi/ipmi_bmc_sim.c: if ((cmd[2] > MAX_SENSORS) ||
> hw/ipmi/ipmi_bmc_sim.c: if ((cmd[2] > MAX_SENSORS) ||
> hw/ipmi/ipmi_bmc_sim.c: if ((cmd[2] > MAX_SENSORS) ||

I missed that. Here is a patch.

Thanks,

C.

From: Cédric Le Goater
Subject: [PATCH] ipmi: sensor number should not exceed MAX_SENSORS
Date: Tue, 16 Feb 2016 09:05:44 +0100

Signed-off-by: Cédric Le Goater
---
 hw/ipmi/ipmi_bmc_sim.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

Index: qemu-powernv.git/hw/ipmi/ipmi_bmc_sim.c =================================================================== --- qemu-powernv.git.orig/hw/ipmi/ipmi_bmc_sim.c +++ qemu-powernv.git/hw/ipmi/ipmi_bmc_sim.c 
@@ -536,7 +536,7 @@ static void ipmi_init_sensors_from_sdrs( continue; /* Not a sensor SDR we set from */ } - if (sdr->sensor_owner_number > MAX_SENSORS) { + if (sdr->sensor_owner_number >= MAX_SENSORS) { continue; } sens = s->sensors + sdr->sensor_owner_number; @@ -1448,7 +1448,7 @@ static void set_sensor_evt_enable(IPMIBm IPMISensor *sens; IPMI_CHECK_CMD_LEN(4); - if ((cmd[2] > MAX_SENSORS) || + if ((cmd[2] >= MAX_SENSORS) || !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) { rsp[2] = IPMI_CC_REQ_ENTRY_NOT_PRESENT; return; @@ -1500,7 +1500,7 @@ static void get_sensor_evt_enable(IPMIBm IPMISensor *sens; IPMI_CHECK_CMD_LEN(3); - if ((cmd[2] > MAX_SENSORS) || + if ((cmd[2] >= MAX_SENSORS) || !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) { rsp[2] = IPMI_CC_REQ_ENTRY_NOT_PRESENT; return; @@ -1521,7 +1521,7 @@ static void rearm_sensor_evts(IPMIBmcSim IPMISensor *sens; IPMI_CHECK_CMD_LEN(4); - if ((cmd[2] > MAX_SENSORS) || + if ((cmd[2] >= MAX_SENSORS) || !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) { rsp[2] = IPMI_CC_REQ_ENTRY_NOT_PRESENT; return; @@ -1543,7 +1543,7 @@ static void get_sensor_evt_status(IPMIBm IPMISensor *sens; IPMI_CHECK_CMD_LEN(3); - if ((cmd[2] > MAX_SENSORS) || + if ((cmd[2] >= MAX_SENSORS) || !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) { rsp[2] = IPMI_CC_REQ_ENTRY_NOT_PRESENT; return; @@ -1565,7 +1565,7 @@ static void get_sensor_reading(IPMIBmcSi IPMISensor *sens; IPMI_CHECK_CMD_LEN(3); - if ((cmd[2] > MAX_SENSORS) || + if ((cmd[2] >= MAX_SENSORS) || !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) { rsp[2] = IPMI_CC_REQ_ENTRY_NOT_PRESENT; return; @@ -1588,7 +1588,7 @@ static void set_sensor_type(IPMIBmcSim * IPMI_CHECK_CMD_LEN(5); - if ((cmd[2] > MAX_SENSORS) || + if ((cmd[2] >= MAX_SENSORS) || !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) { rsp[2] = IPMI_CC_REQ_ENTRY_NOT_PRESENT; return; 
@@ -1607,7 +1607,7 @@ static void get_sensor_type(IPMIBmcSim * IPMI_CHECK_CMD_LEN(3); - if ((cmd[2] > MAX_SENSORS) || + if ((cmd[2] >= MAX_SENSORS) || !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])) { rsp[2] = IPMI_CC_REQ_ENTRY_NOT_PRESENT; return;
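
Review bot: In the first hunk (ipmi_init_sensors_from_sdrs, @@ -536), an SDR whose sensor_owner_number is out of range is still dropped with a bare `continue`, so a malformed SDR table is skipped without any trace. Consider reporting the skipped record, since the next line, `sens = s->sensors + sdr->sensor_owner_number;`, is the only consumer and a missing sensor will otherwise be hard to diagnose. The commit message would also benefit from a body: the subject says the sensor number "should not exceed MAX_SENSORS", which describes the old `>` test, whereas after this change the number must be strictly less than MAX_SENSORS.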
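
Review bot: The seven command-handler hunks (@@ -1448 through @@ -1607) all carry the same two-part test, `(cmd[2] >= MAX_SENSORS) || !IPMI_SENSOR_GET_PRESENT(ibs->sensors + cmd[2])`, and that duplication is why one off-by-one had to be corrected in seven places. Suggest moving the test into a single helper or macro alongside IPMI_CHECK_CMD_LEN, so the bound on the request byte cmd[2] is written once and each handler only sets `rsp[2] = IPMI_CC_REQ_ENTRY_NOT_PRESENT` on failure. Whatever form it takes, the range comparison has to stay to the left of the `||` so that IPMI_SENSOR_GET_PRESENT is never evaluated with an out-of-range index.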