Re: [PATCH 08/12] pci: Fix silent truncation of pcie_aer_inject_error ar
From: Markus Armbruster
Subject: Re: [PATCH 08/12] pci: Fix silent truncation of pcie_aer_inject_error argument
Date: Wed, 30 Nov 2022 19:40:33 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
"Dr. David Alan Gilbert" <dgilbert@redhat.com> writes:
> * Markus Armbruster (armbru@redhat.com) wrote:
>> PCI AER error status is 32 bit. When the HMP command's second
>> argument parses as a number, values greater than ULONG_MAX get
>> rejected, but values between UINT32_MAX+1 and ULONG_MAX get silently
>> truncated. Fix to reject them, too.
>>
>> While there, use qemu_strtoul() instead of strtoul() so checkpatch.pl
>> won't complain.
>
> Wouldn't qemu_strtoui do the num > UINT32_MAX for you?
Yes, that's better.
> Dave
>
>> Signed-off-by: Markus Armbruster <armbru@redhat.com>
>> ---
>> hw/pci/pcie_aer.c | 10 ++++++----
>> 1 file changed, 6 insertions(+), 4 deletions(-)
>>
>> diff --git a/hw/pci/pcie_aer.c b/hw/pci/pcie_aer.c
>> index eff62f3945..ccca5a81cc 100644
>> --- a/hw/pci/pcie_aer.c
>> +++ b/hw/pci/pcie_aer.c
>> @@ -30,6 +30,7 @@
>> #include "hw/pci/pci_bus.h"
>> #include "hw/pci/pcie_regs.h"
>> #include "qapi/error.h"
>> +#include "qemu/cutils.h"
>>
>> //#define DEBUG_PCIE
>> #ifdef DEBUG_PCIE
>> @@ -963,6 +964,7 @@ static int do_pcie_aer_inject_error(Monitor *mon,
>> const char *id = qdict_get_str(qdict, "id");
>> const char *error_name;
>> uint32_t error_status;
>> + unsigned long num;
>> bool correctable;
>> PCIDevice *dev;
>> PCIEAERErr err;
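Review bot: the `unsigned long num` temporary added here has a host-dependent width, so on a host where unsigned long is 32 bits the later `num > UINT32_MAX` comparison can never be true and oversized input is caught only by the `qemu_strtoul(...) < 0` branch. Parsing with qemu_strtoui(), as suggested in the reply above, would drop both the temporary and the explicit comparison.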
>> @@ -983,14 +985,14 @@ static int do_pcie_aer_inject_error(Monitor *mon,
>>
>> error_name = qdict_get_str(qdict, "error_status");
>> if (pcie_aer_parse_error_string(error_name, &error_status,
>> &correctable)) {
>> - char *e = NULL;
>> - error_status = strtoul(error_name, &e, 0);
>> - correctable = qdict_get_try_bool(qdict, "correctable", false);
>> - if (!e || *e != '\0') {
>> + if (qemu_strtoul(error_name, NULL, 0, &num) < 0
>> + || num > UINT32_MAX) {
>> monitor_printf(mon, "invalid error status value. \"%s\"",
>> error_name);
>> return -EINVAL;
>> }
>> + error_status = num;
>> + correctable = qdict_get_try_bool(qdict, "correctable", false);
>> }
>> err.status = error_status;
>> err.source_id = pci_requester_id(dev);
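Review bot: in `qemu_strtoul(error_name, NULL, 0, &num)` the NULL end pointer is what takes over from the removed `!e || *e != '\0'` test for trailing characters, and nothing in the hunk or the commit message says so; a one-line comment would keep a later edit from passing a real end pointer and losing that check. Separately, the message in the unchanged `monitor_printf()` lines has no trailing newline.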
>> --
>> 2.37.3
>>
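The truncation described in the commit message, shown as an added example that is not part of the original mail or of QEMU's code. It assumes plain strtoull() in place of QEMU's qemu_strtoul() so that it builds outside the QEMU tree and behaves the same where unsigned long is 32 bits; the function names and the input string are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* "Before" shape: the wide parse result is assigned to a 32-bit
 * variable, so anything above UINT32_MAX silently loses its upper bits. */
static int parse_status_truncating(const char *s, uint32_t *out)
{
    char *end = NULL;
    unsigned long long v = strtoull(s, &end, 0);

    if (end == s || *end != '\0') {
        return -EINVAL;          /* empty input or trailing characters */
    }
    *out = (uint32_t)v;          /* 0x100000001 becomes 0x1 here */
    return 0;
}

/* "After" shape: reject conversion errors and out-of-range values. */
static int parse_status_checked(const char *s, uint32_t *out)
{
    char *end = NULL;
    unsigned long long v;

    if (strchr(s, '-')) {
        return -EINVAL;          /* stricter than the patch: no negated values */
    }
    errno = 0;
    v = strtoull(s, &end, 0);
    if (end == s || *end != '\0') {
        return -EINVAL;
    }
    if (errno == ERANGE || v > UINT32_MAX) {
        return -ERANGE;          /* does not fit in 32 bits */
    }
    *out = (uint32_t)v;
    return 0;
}

int main(void)
{
    uint32_t a = 0;
    int rc = parse_status_truncating("0x100000001", &a); /* constructed input */
    printf("truncating: rc=%d value=0x%x\n", rc, (unsigned)a);
    printf("checked:    rc=%d\n", parse_status_checked("0x100000001", &a));
    return 0;
}
```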