[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 1/5] virtio-pci: ignore unaligned read/write in
|
From: |
Jason Wang |
|
Subject: |
Re: [Qemu-devel] [PATCH 1/5] virtio-pci: ignore unaligned read/write in virtio_address_space_read()/write() |
|
Date: |
Mon, 13 Jul 2015 16:37:29 +0800 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 |
On 07/13/2015 03:36 PM, Michael S. Tsirkin wrote:
> On Mon, Jul 13, 2015 at 01:46:47PM +0800, Jason Wang wrote:
>> We abort on unaligned read/write in
>> virtio_address_space_read()/write() but since len in under control of
>> guest so qemu will simply crash when booting a modern guest (guest is
>> try to read when len is zero).
>> read.
> How can len be 0? Isn't this a guest bug? Or is this
> a theoretical issue?
E.g cat /sys/bus/pci/devices/0000\:00\:03.0/config
and also happen during boot (but not virtio specific code, probably pci
core or something else).
>
>> Fix this by ignoring unaligned write or
>>
>> Fixes 1e40356ce5f6ccfa0bb57104a533c62952c560ce
>> ("virtio fix cfg endian-ness for BE targets")
>> Signed-off-by: Jason Wang <address@hidden>
> I guess since we ignore some illegal values (e.g. > 4)
> we should just whitelist the legal ones.
> So the following looks like a slightly cleaner way to
> make this change.
>
> --->
> virtio-pci: don't crash on illegal length
>
> Some guests seem to access cfg with an illegal length value.
> It's worth fixing them but debugging is easier if
> qemu does not crash.
>
> Signed-off-by: Michael S. Tsirkin <address@hidden>
I believe when we can, we should avoid guest trigger-able abort.
>
> diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
> index 6ca0258..c5e8cc0 100644
> --- a/hw/virtio/virtio-pci.c
> +++ b/hw/virtio/virtio-pci.c
> @@ -546,7 +546,8 @@ static void virtio_write_config(PCIDevice *pci_dev,
> uint32_t address,
> off = le32_to_cpu(cfg->cap.offset);
> len = le32_to_cpu(cfg->cap.length);
>
> - if (len <= sizeof cfg->pci_cfg_data) {
> + if (len == 1 || len == 2 || len == 4) {
> + assert(len <= sizeof cfg->pci_cfg_data);
> virtio_address_space_write(&proxy->modern_as, off,
> cfg->pci_cfg_data, len);
> }
> @@ -570,7 +571,8 @@ static uint32_t virtio_read_config(PCIDevice *pci_dev,
> off = le32_to_cpu(cfg->cap.offset);
> len = le32_to_cpu(cfg->cap.length);
>
> - if (len <= sizeof cfg->pci_cfg_data) {
> + if (len == 1 || len == 2 || len == 4) {
> + assert(len <= sizeof cfg->pci_cfg_data);
> virtio_address_space_read(&proxy->modern_as, off,
> cfg->pci_cfg_data, len);
> }
>
Re: [Qemu-devel] [PATCH 1/5] virtio-pci: ignore unaligned read/write in virtio_address_space_read()/write(), Michael S. Tsirkin, 2015/07/13
Re: [Qemu-devel] [PATCH 1/5] virtio-pci: ignore unaligned read/write in virtio_address_space_read()/write(),
Jason Wang <=