diff options
author | Paolo Bonzini <pbonzini@redhat.com> | 2020-12-01 09:42:23 -0500 |
---|---|---|
committer | Paolo Bonzini <pbonzini@redhat.com> | 2020-12-15 12:52:00 -0500 |
commit | 58cf0f86d4ab6b78d11850557c5335ecfd2d2696 (patch) | |
tree | 97d42a938a8ab41b6f93152da1702936bd70eea0 /hw/pci | |
parent | c9ca89a9079688b3832b0ad3d7baf6418320dc64 (diff) | |
download | qemu-58cf0f86d4ab6b78d11850557c5335ecfd2d2696.zip qemu-58cf0f86d4ab6b78d11850557c5335ecfd2d2696.tar.gz qemu-58cf0f86d4ab6b78d11850557c5335ecfd2d2696.tar.bz2 |
msix: assert that accesses are within bounds
This makes the testcase from the next patch fail.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'hw/pci')
-rw-r--r-- | hw/pci/msix.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/hw/pci/msix.c b/hw/pci/msix.c index 67e34f3..36491ee 100644 --- a/hw/pci/msix.c +++ b/hw/pci/msix.c @@ -179,6 +179,7 @@ static uint64_t msix_table_mmio_read(void *opaque, hwaddr addr, { PCIDevice *dev = opaque; + assert(addr + size <= dev->msix_entries_nr * PCI_MSIX_ENTRY_SIZE); return pci_get_long(dev->msix_table + addr); } @@ -189,6 +190,8 @@ static void msix_table_mmio_write(void *opaque, hwaddr addr, int vector = addr / PCI_MSIX_ENTRY_SIZE; bool was_masked; + assert(addr + size <= dev->msix_entries_nr * PCI_MSIX_ENTRY_SIZE); + was_masked = msix_is_masked(dev, vector); pci_set_long(dev->msix_table + addr, val); msix_handle_mask_update(dev, vector, was_masked); |