From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
To: Markus Armbruster <armbru@redhat.com>
Cc: qemu-devel@nongnu.org, mst@redhat.com, marcel.apfelbaum@gmail.com
Subject: Re: [PATCH 08/12] pci: Fix silent truncation of pcie_aer_inject_error argument
Date: Tue, 29 Nov 2022 12:14:54 +0000 [thread overview]
Message-ID: <Y4X3vt1M+boYDm7Q@work-vm> (raw)
In-Reply-To: <20221128080202.2570543-9-armbru@redhat.com>
* Markus Armbruster (armbru@redhat.com) wrote:
> PCI AER error status is 32 bit. When the HMP command's second
> argument parses as a number, values greater than ULONG_MAX get
> rejected, but values between UINT32_MAX+1 and ULONG_MAX get silently
> truncated. Fix to reject them, too.
>
> While there, use qemu_strtoul() instead of strtoul() so checkpatch.pl
> won't complain.
WOuldn't qemu_strtoui do the num > UINT32_MAX for you?
Dave
> Signed-off-by: Markus Armbruster <armbru@redhat.com>
> ---
> hw/pci/pcie_aer.c | 10 ++++++----
> 1 file changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/hw/pci/pcie_aer.c b/hw/pci/pcie_aer.c
> index eff62f3945..ccca5a81cc 100644
> --- a/hw/pci/pcie_aer.c
> +++ b/hw/pci/pcie_aer.c
> @@ -30,6 +30,7 @@
> #include "hw/pci/pci_bus.h"
> #include "hw/pci/pcie_regs.h"
> #include "qapi/error.h"
> +#include "qemu/cutils.h"
>
> //#define DEBUG_PCIE
> #ifdef DEBUG_PCIE
> @@ -963,6 +964,7 @@ static int do_pcie_aer_inject_error(Monitor *mon,
> const char *id = qdict_get_str(qdict, "id");
> const char *error_name;
> uint32_t error_status;
> + unsigned long num;
> bool correctable;
> PCIDevice *dev;
> PCIEAERErr err;
> @@ -983,14 +985,14 @@ static int do_pcie_aer_inject_error(Monitor *mon,
>
> error_name = qdict_get_str(qdict, "error_status");
> if (pcie_aer_parse_error_string(error_name, &error_status, &correctable)) {
> - char *e = NULL;
> - error_status = strtoul(error_name, &e, 0);
> - correctable = qdict_get_try_bool(qdict, "correctable", false);
> - if (!e || *e != '\0') {
> + if (qemu_strtoul(error_name, NULL, 0, &num) < 0
> + || num > UINT32_MAX) {
> monitor_printf(mon, "invalid error status value. \"%s\"",
> error_name);
> return -EINVAL;
> }
> + error_status = num;
> + correctable = qdict_get_try_bool(qdict, "correctable", false);
> }
> err.status = error_status;
> err.source_id = pci_requester_id(dev);
> --
> 2.37.3
>
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
next prev parent reply other threads:[~2022-11-29 12:16 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-28 8:01 [PATCH 00/12] pci: Move and clean up monitor command code Markus Armbruster
2022-11-28 8:01 ` [PATCH 01/12] pci: Clean up a few things checkpatch.pl would flag later on Markus Armbruster
2022-11-28 8:27 ` Philippe Mathieu-Daudé
2022-11-28 8:01 ` [PATCH 02/12] pci: Move QMP commands to new hw/pci/pci-qmp-cmds.c Markus Armbruster
2022-11-28 8:01 ` [PATCH 03/12] pci: Move HMP commands from monitor/ to new hw/pci/pci-hmp-cmds.c Markus Armbruster
2022-11-28 8:27 ` Philippe Mathieu-Daudé
2022-11-28 12:09 ` Dr. David Alan Gilbert
2022-11-28 8:01 ` [PATCH 04/12] pci: Make query-pci stub consistent with the real one Markus Armbruster
2022-11-29 12:03 ` Dr. David Alan Gilbert
2022-11-28 8:01 ` [PATCH 05/12] pci: Build hw/pci/pci-hmp-cmds.c only when CONFIG_PCI Markus Armbruster
2022-11-28 8:26 ` Philippe Mathieu-Daudé
2022-11-28 10:21 ` Markus Armbruster
2022-11-28 10:26 ` Michael S. Tsirkin
2022-11-28 12:24 ` Dr. David Alan Gilbert
2022-11-28 13:38 ` Markus Armbruster
2022-11-28 14:27 ` Dr. David Alan Gilbert
2022-11-28 8:01 ` [PATCH 06/12] pci: Deduplicate get_class_desc() Markus Armbruster
2022-11-28 8:01 ` [PATCH 07/12] pci: Move pcibus_dev_print() to pci-hmp-cmds.c Markus Armbruster
2022-11-28 8:24 ` Philippe Mathieu-Daudé
2022-11-28 8:01 ` [PATCH 08/12] pci: Fix silent truncation of pcie_aer_inject_error argument Markus Armbruster
2022-11-29 12:14 ` Dr. David Alan Gilbert [this message]
2022-11-30 18:40 ` Markus Armbruster
2022-11-28 8:01 ` [PATCH 09/12] pci: Move HMP command from hw/pci/pcie_aer.c to pci-hmp-cmds.c Markus Armbruster
2022-11-28 8:21 ` Philippe Mathieu-Daudé
2022-11-28 11:50 ` Markus Armbruster
2022-11-28 8:02 ` [PATCH 10/12] pci: Inline do_pcie_aer_inject_error() into its only caller Markus Armbruster
2022-11-29 19:59 ` Dr. David Alan Gilbert
2022-11-28 8:02 ` [PATCH 11/12] pci: Rename hmp_pcie_aer_inject_error()'s local variable @err Markus Armbruster
2022-11-28 8:21 ` Philippe Mathieu-Daudé
2022-11-28 8:02 ` [PATCH 12/12] pci: Improve do_pcie_aer_inject_error()'s error messages Markus Armbruster
2022-11-29 19:42 ` Dr. David Alan Gilbert
2022-11-28 9:25 ` [PATCH 00/12] pci: Move and clean up monitor command code Michael S. Tsirkin
2022-11-28 11:52 ` Markus Armbruster
2022-11-28 10:27 ` Michael S. Tsirkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y4X3vt1M+boYDm7Q@work-vm \
--to=dgilbert@redhat.com \
--cc=armbru@redhat.com \
--cc=marcel.apfelbaum@gmail.com \
--cc=mst@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.