From: Paolo Bonzini <pbonzini@redhat.com>
To: "Laszlo Ersek" <lersek@redhat.com>,
"Philippe Mathieu-Daudé" <philmd@redhat.com>,
qemu-devel@nongnu.org, "Haibin Zhang" <haibinzhang@tencent.com>,
"David Edmondson" <david.edmondson@oracle.com>
Cc: mst@redhat.com, Markus Armbruster <armbru@redhat.com>,
dgilbert@redhat.com
Subject: Re: [PATCH] pci: add romsize property
Date: Fri, 22 Jan 2021 15:54:56 +0100 [thread overview]
Message-ID: <9edf5fb6-b888-d731-3d25-df003c55109b@redhat.com> (raw)
In-Reply-To: <1c506da5-26bc-9821-5096-16bc1458c342@redhat.com>
On 19/01/21 18:20, Laszlo Ersek wrote:
> I only have superficial comments:
>
> - if we're talking uint32_t, I'd kind of prefer UINT32_MAX to (-1),
> style-wise -- but feel free to ignore
>
> - we should print a uint32_t with ("%" PRIu32), not "%d" (again, only
> pedantry, but PRIu32 is widely used in qemu, AFAICS)
I would use %u, but yeah you're correct.
> - OK, so get_image_size() returns an int64_t, which pci_add_option_rom()
> assigns to an "int" without any range checking.
This is pre-existing, but it should be fixed indeed.
> Then we compare that int
> against the new uint32_t property... or else, on the other branch, we
> assign pow2ceil() -- a uint64_t -- to the new (uint32_t) property.
>
> - In pci_assign_dev_load_option_rom(), "st.st_size" (which is an off_t)
> is assigned to the new property...
>
>
> I find it hard to reason about whether this is safe. I'd suggest first
> cleaning up "int size" in pci_add_option_rom() -- use an int64_t, and
> maybe check it explicitly against some 32-bit limit? --, then introduce
> the new property as uint64_t. (Print it with PRIu64 then, I guess.)
ROM BARs cannot be 64-bit in size. There's just no room in
configuration space for that. Anyway yes pci_add_option_rom() is iffy
and I'll send v2.
Paolo
> BTW there's another aspect of is_power_of_2(): it catches the zero
> value. If the power-of-two check is dropped, I wonder if a zero property
> value could cause a mess, so it might be prudent to catch that
> explicitly. (Precedent: see the (size == 0) check in pci_add_option_rom().)
>
> Anyway, feel free to ignore all of my points; I just find it hard to
> reason about the "logic" when the code is not obviously overflow-free in
> the first place. (I'm not implying there are overflows; the code may be
> free of overflows -- it's just not*obviously* so, to me anyway.)
next prev parent reply other threads:[~2021-01-22 14:56 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-18 18:27 [PATCH] pci: add romsize property Paolo Bonzini
2020-12-18 18:54 ` Dr. David Alan Gilbert
2021-01-19 16:31 ` Peter Xu
2021-01-19 16:51 ` Philippe Mathieu-Daudé
2021-01-19 17:10 ` Paolo Bonzini
2021-01-19 17:19 ` Philippe Mathieu-Daudé
2021-01-19 17:20 ` Laszlo Ersek
2021-01-22 14:54 ` Paolo Bonzini [this message]
2021-01-20 10:14 ` David Edmondson
2021-01-22 14:30 ` Michael S. Tsirkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9edf5fb6-b888-d731-3d25-df003c55109b@redhat.com \
--to=pbonzini@redhat.com \
--cc=armbru@redhat.com \
--cc=david.edmondson@oracle.com \
--cc=dgilbert@redhat.com \
--cc=haibinzhang@tencent.com \
--cc=lersek@redhat.com \
--cc=mst@redhat.com \
--cc=philmd@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).