authorPaolo Bonzini <pbonzini@redhat.com>2020-12-01 09:42:23 -0500
committerPaolo Bonzini <pbonzini@redhat.com>2020-12-15 12:52:00 -0500
commit58cf0f86d4ab6b78d11850557c5335ecfd2d2696 (patch)
tree97d42a938a8ab41b6f93152da1702936bd70eea0 /hw/pci
parentc9ca89a9079688b3832b0ad3d7baf6418320dc64 (diff)
msix: assert that accesses are within bounds
This makes the testcase from the next patch fail. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'hw/pci')
-rw-r--r--hw/pci/msix.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/hw/pci/msix.c b/hw/pci/msix.c
index 67e34f3..36491ee 100644
--- a/hw/pci/msix.c
+++ b/hw/pci/msix.c
@@ -179,6 +179,7 @@ static uint64_t msix_table_mmio_read(void *opaque, hwaddr addr,
{
PCIDevice *dev = opaque;
+ assert(addr + size <= dev->msix_entries_nr * PCI_MSIX_ENTRY_SIZE);
return pci_get_long(dev->msix_table + addr);
}
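Review bot: The new bound is computed from `size`, but the read on the following line is always a 32-bit `pci_get_long`, so the assert covers the bytes actually touched only when `size` is at least 4. If narrower accesses can reach this callback (the constraints in the region's MemoryRegionOps are outside the hunk), the check could pass while the read runs past the end of the table. Asserting on the real access width, e.g. `assert(addr + MAX(size, sizeof(uint32_t)) <= dev->msix_entries_nr * PCI_MSIX_ENTRY_SIZE);`, or a comment stating that accesses here are never narrower than 4 bytes would make the assumption explicit. The same applies to the `pci_set_long` in msix_table_mmio_write; the signature of msix_table_mmio_read continues outside the hunk.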
@@ -189,6 +190,8 @@ static void msix_table_mmio_write(void *opaque, hwaddr addr,
int vector = addr / PCI_MSIX_ENTRY_SIZE;
bool was_masked;
+ assert(addr + size <= dev->msix_entries_nr * PCI_MSIX_ENTRY_SIZE);
+
was_masked = msix_is_masked(dev, vector);
pci_set_long(dev->msix_table + addr, val);
msix_handle_mask_update(dev, vector, was_masked);
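Review bot: In msix_table_mmio_write the assert is the only check between the incoming `addr` and the table write, and since `vector` is derived from `addr` two lines earlier it is also what keeps `msix_is_masked(dev, vector)` in range. Being an assert, a violation terminates the whole process and gives no protection in a build where assertions are compiled out, which is acceptable only if the condition is an internal invariant rather than something a guest can provoke. A comment such as `/* Invariant: accesses are never dispatched past the table region; a failure here is a QEMU bug, not bad guest input. */` would record that intent, assuming the author can confirm it holds. The function's opening lines and closing brace are outside the hunk.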