From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id F05FAC433EF for ; Thu, 21 Apr 2022 16:11:59 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 0505883E8B; Thu, 21 Apr 2022 18:11:45 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=google.com header.i=@google.com header.b="ZAfK+p6h"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 8748F83E57; Thu, 21 Apr 2022 18:11:29 +0200 (CEST) Received: from mail-wm1-x34a.google.com (mail-wm1-x34a.google.com [IPv6:2a00:1450:4864:20::34a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id CAE2983E49 for ; Thu, 21 Apr 2022 18:11:26 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=3LoJhYgYKBtExFzH883BB381.zB9H-yBBG85FGF.01AK.01@flex--ascull.bounces.google.com Received: by mail-wm1-x34a.google.com with SMTP id h65-20020a1c2144000000b0038e9ce3b29cso4688437wmh.2 for ; Thu, 21 Apr 2022 09:11:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=pDkuiYv3O1LjmIAMjbCIkB0VJV8gAWgz0VJwRLZz3sw=; b=ZAfK+p6hbr4w/L/BgQl2YZrMhMU7oH3bYpC4YMYhRf5o92/eIxxMvIGz7vO+4NG8d9 nLPV906XX2m9jvycPavN7nDIEN+PQ26o/TvUXgpTps52N+Hn9sFZ+9g779ckXg/vsq4m DvjUWJKq/xaH5TgPbXvV+K0eJVbRhiGsRcDnfpiQC7nht7Sd/hBOSmzLeJweXUzXTIVl OUlXqTAU+dcTgMxanzj9mFNmq2OLUrHZcmP4eOrI9NkCVnK2xvdPWiZqPpo84Ez9cWQ5 5CPbE7Ckzpm3+toTusrlvtFzVpUyJ7E6Y1IbiMLkBcDftfH1ShG8hlb49qisD+e+Vf/8 Ytkw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=pDkuiYv3O1LjmIAMjbCIkB0VJV8gAWgz0VJwRLZz3sw=; b=iXuRjctvp/8Ub4VSaYHXRC1HiZQdcdr8s6xQu+P5rserSxcePBxiwjmBVva7GN5QhO 9RsKei3P16NjCqv/nEMT+IteumYyATj+q3eMU9psSud7mRrKiKYgeZ4+y81wJ9BjWD3X mOMySLXhSqP4ZtMrpZlt7lmqYawK0cRT0uGXpGdjKyPUkgILVS5auzo50bpfQ+GYfUDc rVuvoBwPFR0HpW094cADeaCeGohMy655BOswW3YZYuBJxq9nN3FPr+U7tjXfo9IkAfb1 DJGwTdXAhZg/zBEQh3pHwPdM0NN5p5VGeDarFa3XGjKjAQbxL3R6az0Cb4soh682IDcV mLxg== X-Gm-Message-State: AOAM531riDu694JDjIeHlTX4fFT/I74mmhVWBrP0jybTQqJ0XG9R36X8 l4S4TEpuVx339QPtq+H4T3vjatg6ixGf1DjFTvPLnSvlWPDCP3ZK9eeAeK1pH/AFbhI17k6LjPU 2lUYx9/FTp8sS0/0iVD2qJkPatBWQ8G77ksN0+rbE0B0ajQ/1oSLXDsCWBlg= X-Google-Smtp-Source: ABdhPJwm3IAO1HBvovDs6hVNfZ4NmKTfRcoPOwTx4FN/b9GRFg5AaszL/hCk/Pu3dZ/vCaLpT2+cvKInci0= X-Received: from ascull.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:1510]) (user=ascull job=sendgmr) by 2002:adf:fa86:0:b0:207:aadd:bff5 with SMTP id h6-20020adffa86000000b00207aaddbff5mr325515wrr.469.1650557486217; Thu, 21 Apr 2022 09:11:26 -0700 (PDT) Date: Thu, 21 Apr 2022 16:11:01 +0000 In-Reply-To: <20220421161116.1202023-1-ascull@google.com> Message-Id: <20220421161116.1202023-4-ascull@google.com> Mime-Version: 1.0 References: <20220421161116.1202023-1-ascull@google.com> X-Mailer: git-send-email 2.36.0.rc2.479.g8af0fa9b8e-goog Subject: [PATCH v3 03/18] virtio: pci: Bounds check device config access From: Andrew Scull To: u-boot@lists.denx.de Cc: sjg@chromium.org, bmeng.cn@gmail.com, trini@konsulko.com, Andrew Scull Content-Type: text/plain; charset="UTF-8" X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean The device config is optional, so check it was present and mapped before trying to use the pointer. Bounds violations are an error, not just a warning, so bail if the checks fail. Signed-off-by: Andrew Scull Reviewed-by: Bin Meng --- drivers/virtio/virtio_pci_modern.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/drivers/virtio/virtio_pci_modern.c b/drivers/virtio/virtio_pci_modern.c index 55d25cb81b..bcf9f18997 100644 --- a/drivers/virtio/virtio_pci_modern.c +++ b/drivers/virtio/virtio_pci_modern.c @@ -114,7 +114,11 @@ static int virtio_pci_get_config(struct udevice *udev, unsigned int offset, __le16 w; __le32 l; - WARN_ON(offset + len > priv->device_len); + if (!priv->device) + return -ENOSYS; + + if (offset + len > priv->device_len) + return -EINVAL; switch (len) { case 1: @@ -136,7 +140,7 @@ static int virtio_pci_get_config(struct udevice *udev, unsigned int offset, memcpy(buf + sizeof(l), &l, sizeof(l)); break; default: - WARN_ON(true); + return -EINVAL; } return 0; @@ -150,7 +154,11 @@ static int virtio_pci_set_config(struct udevice *udev, unsigned int offset, __le16 w; __le32 l; - WARN_ON(offset + len > priv->device_len); + if (!priv->device) + return -ENOSYS; + + if (offset + len > priv->device_len) + return -EINVAL; switch (len) { case 1: @@ -172,7 +180,7 @@ static int virtio_pci_set_config(struct udevice *udev, unsigned int offset, iowrite32(le32_to_cpu(l), priv->device + offset + sizeof(l)); break; default: - WARN_ON(true); + return -EINVAL; } return 0; -- 2.36.0.rc2.479.g8af0fa9b8e-goog