hw/pci/pci.c | 3 +++ 1 file changed, 3 insertions(+)
pci_irq_handler documents that it must be called with 0 <= irq_num <=
3 and level either 0 or 1. Add assertions that the caller has passed
us in valid arguments.
In particular, if a device model fails to set the PCI_INTERRUPT_PIN
field in its config space correctly to indicate that it has an
interrupt, and then tries to raise an interrupt (either by calling
pci_set_irq(), or by getting a qemu_irq from pci_allocate_irq() and
then calling qemu_set_irq() on that) we will now diagnose this device
model bug with an assertion rather than engaging in the undefined
behaviour of shifting by a negative number.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/pci/pci.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/hw/pci/pci.c b/hw/pci/pci.c
index 0eadcdbc9ec..38aefe22ab3 100644
--- a/hw/pci/pci.c
+++ b/hw/pci/pci.c
@@ -1449,6 +1449,9 @@ static void pci_irq_handler(void *opaque, int irq_num, int level)
PCIDevice *pci_dev = opaque;
int change;
+ assert(irq_num >= 0 && irq_num < PCI_NUM_PINS);
+ assert(level == 0 || level == 1);
+
change = level - pci_irq_state(pci_dev, irq_num);
if (!change)
return;
--
2.20.1
On 3/23/21 5:46 PM, Peter Maydell wrote: > pci_irq_handler documents that it must be called with 0 <= irq_num <= > 3 and level either 0 or 1. Add assertions that the caller has passed > us in valid arguments. > > In particular, if a device model fails to set the PCI_INTERRUPT_PIN > field in its config space correctly to indicate that it has an > interrupt, and then tries to raise an interrupt (either by calling > pci_set_irq(), or by getting a qemu_irq from pci_allocate_irq() and > then calling qemu_set_irq() on that) we will now diagnose this device > model bug with an assertion rather than engaging in the undefined > behaviour of shifting by a negative number. > > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> > --- > hw/pci/pci.c | 3 +++ > 1 file changed, 3 insertions(+) Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
I included (mostly) same patch into my patch series just for patch completeness. Please choose whichever you like. Reviewed-by: Isaku Yamahata <isaku.yamahata@intel.com> On Tue, Mar 23, 2021 at 04:46:01PM +0000, Peter Maydell <peter.maydell@linaro.org> wrote: > pci_irq_handler documents that it must be called with 0 <= irq_num <= > 3 and level either 0 or 1. Add assertions that the caller has passed > us in valid arguments. > > In particular, if a device model fails to set the PCI_INTERRUPT_PIN > field in its config space correctly to indicate that it has an > interrupt, and then tries to raise an interrupt (either by calling > pci_set_irq(), or by getting a qemu_irq from pci_allocate_irq() and > then calling qemu_set_irq() on that) we will now diagnose this device > model bug with an assertion rather than engaging in the undefined > behaviour of shifting by a negative number. > > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> > --- > hw/pci/pci.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/hw/pci/pci.c b/hw/pci/pci.c > index 0eadcdbc9ec..38aefe22ab3 100644 > --- a/hw/pci/pci.c > +++ b/hw/pci/pci.c > @@ -1449,6 +1449,9 @@ static void pci_irq_handler(void *opaque, int irq_num, int level) > PCIDevice *pci_dev = opaque; > int change; > > + assert(irq_num >= 0 && irq_num < PCI_NUM_PINS); > + assert(level == 0 || level == 1); > + > change = level - pci_irq_state(pci_dev, irq_num); > if (!change) > return; > -- > 2.20.1 > > -- Isaku Yamahata <isaku.yamahata@gmail.com>
© 2016 - 2024 Red Hat, Inc.