diff options
| author | Paolo Bonzini | 2020-12-01 15:42:23 +0100 |
|---|---|---|
| committer | Paolo Bonzini | 2020-12-15 18:52:00 +0100 |
| commit | 58cf0f86d4ab6b78d11850557c5335ecfd2d2696 (patch) | |
| tree | 97d42a938a8ab41b6f93152da1702936bd70eea0 /hw | |
| parent | qtest/pvpanic: Test panic option that allows VM to continue (diff) | |
| download | qemu-58cf0f86d4ab6b78d11850557c5335ecfd2d2696.tar.gz qemu-58cf0f86d4ab6b78d11850557c5335ecfd2d2696.tar.xz qemu-58cf0f86d4ab6b78d11850557c5335ecfd2d2696.zip | |
msix: assert that accesses are within bounds
This makes the testcase from the next patch fail.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'hw')
| -rw-r--r-- | hw/pci/msix.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/hw/pci/msix.c b/hw/pci/msix.c index 67e34f34d6..36491ee52b 100644 --- a/hw/pci/msix.c +++ b/hw/pci/msix.c @@ -179,6 +179,7 @@ static uint64_t msix_table_mmio_read(void *opaque, hwaddr addr, { PCIDevice *dev = opaque; + assert(addr + size <= dev->msix_entries_nr * PCI_MSIX_ENTRY_SIZE); return pci_get_long(dev->msix_table + addr); } @@ -189,6 +190,8 @@ static void msix_table_mmio_write(void *opaque, hwaddr addr, int vector = addr / PCI_MSIX_ENTRY_SIZE; bool was_masked; + assert(addr + size <= dev->msix_entries_nr * PCI_MSIX_ENTRY_SIZE); + was_masked = msix_is_masked(dev, vector); pci_set_long(dev->msix_table + addr, val); msix_handle_mask_update(dev, vector, was_masked); |