From: Alexander Graf <agraf@suse.de>
To: qemu-ppc@nongnu.org
Cc: Blue Swirl <blauwirbel@gmail.com>,
qemu-devel Developers <qemu-devel@nongnu.org>,
Aurelien Jarno <aurelien@aurel32.net>,
David Gibson <david@gibson.dropbear.id.au>
Subject: [Qemu-devel] [PATCH 20/26] pseries: Use correct dispatcher for PCI config space accesses
Date: Sat, 21 Jan 2012 05:19:05 +0100
Message-ID: <1327119551-29674-21-git-send-email-agraf@suse.de>
In-Reply-To: <1327119551-29674-1-git-send-email-agraf@suse.de>
From: David Gibson <david@gibson.dropbear.id.au>
The pseries machine expects a para-virtualized guest and so supplies RTAS
functions (via a hypercall) for performing PCI config space access.
Currently the implementation of these calls into
pci_default_{read,write}_config(). However this would be incorrect for
any PCI device which overrides the default config read/write functions.
AFAICT there's only one such device today, but we should still get it
right. In addition the pci_host_config_{read,write}_common() functions
which do correctly do this dispatch, perform bounds checking on the config
space address, lack of which currently leads to an exploitable bug.
This patch corrects the problem.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
---
hw/spapr_pci.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/hw/spapr_pci.c b/hw/spapr_pci.c
index 2550e19..f3f9246 100644
--- a/hw/spapr_pci.c
+++ b/hw/spapr_pci.c
@@ -82,7 +82,7 @@ static void rtas_ibm_read_pci_config(sPAPREnvironment *spapr,
}
size = rtas_ld(args, 3);
addr = rtas_pci_cfgaddr(rtas_ld(args, 0));
- val = pci_default_read_config(dev, addr, size);
+ val = pci_host_config_read_common(dev, addr, pci_config_size(dev), size);
rtas_st(rets, 0, 0);
rtas_st(rets, 1, val);
}
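Review bot: size is taken straight from the guest with rtas_ld(args, 3) and handed to pci_host_config_read_common() as the access length, with no check in the lines shown here. The limit argument pci_config_size(dev) bounds addr, but rtas_ibm_read_pci_config() should itself reject any size other than 1, 2 or 4 with an error status before the call, rather than leaving an arbitrary guest-chosen length to the callee.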
@@ -101,7 +101,7 @@ static void rtas_read_pci_config(sPAPREnvironment *spapr,
}
size = rtas_ld(args, 1);
addr = rtas_pci_cfgaddr(rtas_ld(args, 0));
- val = pci_default_read_config(dev, addr, size);
+ val = pci_host_config_read_common(dev, addr, pci_config_size(dev), size);
rtas_st(rets, 0, 0);
rtas_st(rets, 1, val);
}
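Review bot: rtas_st(rets, 0, 0) after the new call in rtas_read_pci_config() still reports success unconditionally, so the guest cannot tell an access the bounds check refused from one that was actually performed. Consider comparing addr against pci_config_size(dev) in the handler and storing an error status in rets[0] for an out-of-range address.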
@@ -122,7 +122,7 @@ static void rtas_ibm_write_pci_config(sPAPREnvironment *spapr,
val = rtas_ld(args, 4);
size = rtas_ld(args, 3);
addr = rtas_pci_cfgaddr(rtas_ld(args, 0));
- pci_default_write_config(dev, addr, val, size);
+ pci_host_config_write_common(dev, addr, pci_config_size(dev), val, size);
rtas_st(rets, 0, 0);
}
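Review bot: the call in rtas_ibm_write_pci_config() has no comment saying why it goes through pci_host_config_write_common() instead of pci_default_write_config(); the reasons (devices that override their config accessors, and the address bounds check) exist only in the commit message. A short comment at the call site would keep a later cleanup from switching back to the default accessor and reintroducing the unchecked write.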
@@ -141,7 +141,7 @@ static void rtas_write_pci_config(sPAPREnvironment *spapr,
val = rtas_ld(args, 2);
size = rtas_ld(args, 1);
addr = rtas_pci_cfgaddr(rtas_ld(args, 0));
- pci_default_write_config(dev, addr, val, size);
+ pci_host_config_write_common(dev, addr, pci_config_size(dev), val, size);
rtas_st(rets, 0, 0);
}
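Review bot: with this hunk the same dispatch, with pci_config_size(dev) as the limit, is written out four times across the RTAS handlers. A pair of small static helpers in hw/spapr_pci.c, one for read and one for write, would keep the limit argument in a single place, so a future change to the bound cannot be applied to some handlers and missed in others.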
--
1.6.0.2