Date: Wed, 25 Jun 2014 15:03:30 +0300
From: "Michael S. Tsirkin"
To: SeokYeon Hwang
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH] pci: add checking whether the device is realized before unlinking the capability
Message-ID: <20140625120330.GA13856@redhat.com>
In-Reply-To: <1403690348-19267-1-git-send-email-syeon.hwang@samsung.com>

On Wed, Jun 25, 2014 at 06:59:08PM +0900, SeokYeon Hwang wrote:
> In case of the unrealized "pdev", memory can be illegally accessed and corrupted.
> Refer to device_unparent() in the commit 5c21ce77d7e5643089ceec556c0408445d017f32.
>
> Change-Id: Iacb195a092c86d4c677ad0404582af104b2251ae
> Signed-off-by: SeokYeon Hwang

Another case of qemu mailing list dropping patches :(
I will bounce it now so people can see the original message.

> ---
> hw/pci/pci.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/hw/pci/pci.c b/hw/pci/pci.c
> index 49eca95..bb7f0c5 100644
> --- a/hw/pci/pci.c
> +++ b/hw/pci/pci.c
> @@ -2056,7 +2056,12 @@ int pci_add_capability(PCIDevice *pdev, uint8_t cap_id, > /* Unlink capability from the pci config space. */ > void pci_del_capability(PCIDevice *pdev, uint8_t cap_id, uint8_t size) > { > - uint8_t prev, offset = pci_find_capability_list(pdev, cap_id, &prev); > + uint8_t prev, offset; > + /* Check whether the device is realized or not */ > + if (!pdev->qdev.realized) { > + return; > + } > + offset = pci_find_capability_list(pdev, cap_id, &prev); > if (!offset) > return; > pdev->config[prev] = pdev->config[offset + PCI_CAP_LIST_NEXT]; > -- > 1.9.1
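Review bot: the early `return` added at the top of pci_del_capability() silently swallows exactly the condition it guards against. The commit message says that unlinking a capability on an unrealized pdev corrupts memory, which makes reaching this function unrealized a caller bug rather than a normal state; a bare `return` hides that bug instead of surfacing it. Consider `assert(pdev->qdev.realized);` (or `DEVICE(pdev)->realized`, the usual qdev spelling) so the misuse shows up in testing, or at minimum a comment naming the caller path that currently gets here unrealized, which the commit message only points at by commit hash. Relatedly, the actual hazard is that the config space walked by pci_find_capability_list() and written at `pdev->config[prev]` is not valid on an unrealized device, so the comment `/* Check whether the device is realized or not */` should say why that matters here rather than restate the condition. Minor: the `Change-Id:` trailer is a Gerrit artifact and is normally dropped from patches posted to qemu-devel.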