From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
To: Markus Armbruster <armbru@redhat.com>
Cc: qemu-devel@nongnu.org, mst@redhat.com, marcel.apfelbaum@gmail.com
Subject: Re: [PATCH 08/12] pci: Fix silent truncation of pcie_aer_inject_error argument
Date: Tue, 29 Nov 2022 12:14:54 +0000 [thread overview]
Message-ID: <Y4X3vt1M+boYDm7Q@work-vm> (raw)
In-Reply-To: <20221128080202.2570543-9-armbru@redhat.com>
* Markus Armbruster (armbru@redhat.com) wrote:
> PCI AER error status is 32 bit. When the HMP command's second
> argument parses as a number, values greater than ULONG_MAX get
> rejected, but values between UINT32_MAX+1 and ULONG_MAX get silently
> truncated. Fix to reject them, too.
>
> While there, use qemu_strtoul() instead of strtoul() so checkpatch.pl
> won't complain.
WOuldn't qemu_strtoui do the num > UINT32_MAX for you?
Dave
> Signed-off-by: Markus Armbruster <armbru@redhat.com>
> ---
> hw/pci/pcie_aer.c | 10 ++++++----
> 1 file changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/hw/pci/pcie_aer.c b/hw/pci/pcie_aer.c
> index eff62f3945..ccca5a81cc 100644
> --- a/hw/pci/pcie_aer.c
> +++ b/hw/pci/pcie_aer.c
> @@ -30,6 +30,7 @@
> #include "hw/pci/pci_bus.h"
> #include "hw/pci/pcie_regs.h"
> #include "qapi/error.h"
> +#include "qemu/cutils.h"
>
> //#define DEBUG_PCIE
> #ifdef DEBUG_PCIE
> @@ -963,6 +964,7 @@ static int do_pcie_aer_inject_error(Monitor *mon,
> const char *id = qdict_get_str(qdict, "id");
> const char *error_name;
> uint32_t error_status;
> + unsigned long num;
> bool correctable;
> PCIDevice *dev;
> PCIEAERErr err;
> @@ -983,14 +985,14 @@ static int do_pcie_aer_inject_error(Monitor *mon,
>
> error_name = qdict_get_str(qdict, "error_status");
> if (pcie_aer_parse_error_string(error_name, &error_status, &correctable)) {
> - char *e = NULL;
> - error_status = strtoul(error_name, &e, 0);
> - correctable = qdict_get_try_bool(qdict, "correctable", false);
> - if (!e || *e != '\0') {
> + if (qemu_strtoul(error_name, NULL, 0, &num) < 0
> + || num > UINT32_MAX) {
> monitor_printf(mon, "invalid error status value. \"%s\"",
> error_name);
> return -EINVAL;
> }
> + error_status = num;
> + correctable = qdict_get_try_bool(qdict, "correctable", false);
> }
> err.status = error_status;
> err.source_id = pci_requester_id(dev);
> --
> 2.37.3
>
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
next prev parent reply other threads:[~2022-11-29 12:16 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-28 8:01 [PATCH 00/12] pci: Move and clean up monitor command code Markus Armbruster
2022-11-28 8:01 ` [PATCH 01/12] pci: Clean up a few things checkpatch.pl would flag later on Markus Armbruster
2022-11-28 8:27 ` Philippe Mathieu-Daudé
2022-11-28 8:01 ` [PATCH 02/12] pci: Move QMP commands to new hw/pci/pci-qmp-cmds.c Markus Armbruster
2022-11-28 8:01 ` [PATCH 03/12] pci: Move HMP commands from monitor/ to new hw/pci/pci-hmp-cmds.c Markus Armbruster
2022-11-28 8:27 ` Philippe Mathieu-Daudé
2022-11-28 12:09 ` Dr. David Alan Gilbert
2022-11-28 8:01 ` [PATCH 04/12] pci: Make query-pci stub consistent with the real one Markus Armbruster
2022-11-29 12:03 ` Dr. David Alan Gilbert
2022-11-28 8:01 ` [PATCH 05/12] pci: Build hw/pci/pci-hmp-cmds.c only when CONFIG_PCI Markus Armbruster
2022-11-28 8:26 ` Philippe Mathieu-Daudé
2022-11-28 10:21 ` Markus Armbruster
2022-11-28 10:26 ` Michael S. Tsirkin
2022-11-28 12:24 ` Dr. David Alan Gilbert
2022-11-28 13:38 ` Markus Armbruster
2022-11-28 14:27 ` Dr. David Alan Gilbert
2022-11-28 8:01 ` [PATCH 06/12] pci: Deduplicate get_class_desc() Markus Armbruster
2022-11-28 8:01 ` [PATCH 07/12] pci: Move pcibus_dev_print() to pci-hmp-cmds.c Markus Armbruster
2022-11-28 8:24 ` Philippe Mathieu-Daudé
2022-11-28 8:01 ` [PATCH 08/12] pci: Fix silent truncation of pcie_aer_inject_error argument Markus Armbruster
2022-11-29 12:14 ` Dr. David Alan Gilbert [this message]
2022-11-30 18:40 ` Markus Armbruster
2022-11-28 8:01 ` [PATCH 09/12] pci: Move HMP command from hw/pci/pcie_aer.c to pci-hmp-cmds.c Markus Armbruster
2022-11-28 8:21 ` Philippe Mathieu-Daudé
2022-11-28 11:50 ` Markus Armbruster
2022-11-28 8:02 ` [PATCH 10/12] pci: Inline do_pcie_aer_inject_error() into its only caller Markus Armbruster
2022-11-29 19:59 ` Dr. David Alan Gilbert
2022-11-28 8:02 ` [PATCH 11/12] pci: Rename hmp_pcie_aer_inject_error()'s local variable @err Markus Armbruster
2022-11-28 8:21 ` Philippe Mathieu-Daudé
2022-11-28 8:02 ` [PATCH 12/12] pci: Improve do_pcie_aer_inject_error()'s error messages Markus Armbruster
2022-11-29 19:42 ` Dr. David Alan Gilbert
2022-11-28 9:25 ` [PATCH 00/12] pci: Move and clean up monitor command code Michael S. Tsirkin
2022-11-28 11:52 ` Markus Armbruster
2022-11-28 10:27 ` Michael S. Tsirkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y4X3vt1M+boYDm7Q@work-vm \
--to=dgilbert@redhat.com \
--cc=armbru@redhat.com \
--cc=marcel.apfelbaum@gmail.com \
--cc=mst@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).