acrn-dev@lists.projectacrn.org | [PATCH 2/2] ACRN: DM: Add endpoint index check in xhci register write

Home Messages Hashtags Subgroups

Date Date 1 - 3 of 3

[PATCH 2/2] ACRN: DM: Add endpoint index check in xhci register write

Long Liu #36183 Because the endpoint index max value is 32, add the index value check in xhci register write function. Signed-off-by: Liu Long <long.liu@...> --- devicemodel/hw/pci/xhci.c \| 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devicemodel/hw/pci/xhci.c b/devicemodel/hw/pci/xhci.c index b5c1365ce..83fbccc35 100644 --- a/devicemodel/hw/pci/xhci.c +++ b/devicemodel/hw/pci/xhci.c @@ -3415,7 +3415,7 @@ pci_xhci_dbregs_write(struct pci_xhci_vdev *xdev, UPRINTF(LDBG, "doorbell write offset 0x%lx: 0x%lx\r\n", offset, value); - if (XHCI_HALTED(xdev)) { + if (XHCI_HALTED(xdev) \|\| XHCI_DB_TARGET_GET(value) > XHCI_MAX_ENDPOINTS) { UPRINTF(LWRN, "pci_xhci: controller halted\r\n"); return; } -- 2.25.1
More All Messages By This Member
Yu Wang #36186 On Tue, Jun 14, 2022 at 09:23:56AM +0800, Liu Long wrote: Because the endpoint index max value is 32, add the index value check in xhci register write function. Signed-off-by: Liu Long <long.liu@...> --- devicemodel/hw/pci/xhci.c \| 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devicemodel/hw/pci/xhci.c b/devicemodel/hw/pci/xhci.c index b5c1365ce..83fbccc35 100644 --- a/devicemodel/hw/pci/xhci.c +++ b/devicemodel/hw/pci/xhci.c @@ -3415,7 +3415,7 @@ pci_xhci_dbregs_write(struct pci_xhci_vdev *xdev, UPRINTF(LDBG, "doorbell write offset 0x%lx: 0x%lx\r\n", offset, value); - if (XHCI_HALTED(xdev)) { + if (XHCI_HALTED(xdev) \|\| XHCI_DB_TARGET_GET(value) > XHCI_MAX_ENDPOINTS) { UPRINTF(LWRN, "pci_xhci: controller halted\r\n"); Is there any capability register to indicate the max supported endpoint number? I haven't find it. And why FE driver ring the nonexisting ep? Another thing, this is not controller halted case, please do not re-use the same log. return; } -- 2.25.1
More All Messages By This Member
Yonghua Huang #36188 Hi Yu, toggle quoted messageShow quoted text -----Original Message----- From: Wang, Yu1 <yu1.wang@...> Sent: Tuesday, June 14, 2022 09:15 To: Liu Long <long.liu@...> Cc: Huang, Yonghua <yonghua.huang@...>; acrn- dev@... Subject: Re: [PATCH 2/2] ACRN: DM: Add endpoint index check in xhci register write On Tue, Jun 14, 2022 at 09:23:56AM +0800, Liu Long wrote: Because the endpoint index max value is 32, add the index value check in xhci register write function. Signed-off-by: Liu Long <long.liu@...> --- devicemodel/hw/pci/xhci.c \| 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devicemodel/hw/pci/xhci.c b/devicemodel/hw/pci/xhci.c index b5c1365ce..83fbccc35 100644 --- a/devicemodel/hw/pci/xhci.c +++ b/devicemodel/hw/pci/xhci.c @@ -3415,7 +3415,7 @@ pci_xhci_dbregs_write(struct pci_xhci_vdev *xdev, UPRINTF(LDBG, "doorbell write offset 0x%lx: 0x%lx\r\n", offset, value); - if (XHCI_HALTED(xdev)) { + if (XHCI_HALTED(xdev) \|\| XHCI_DB_TARGET_GET(value) > +XHCI_MAX_ENDPOINTS) { UPRINTF(LWRN, "pci_xhci: controller halted\r\n"); Is there any capability register to indicate the max supported endpoint number? I haven't find it. And why FE driver ring the nonexisting ep? This write request is from fuzzing guest, where any value that is compatible with hardware/software interface will be injected, ACRN backend driver should validate any inputs from guest, which is not trusted. Another thing, this is not controller halted case, please do not re-use the same log. return; } -- 2.25.1
More All Messages By This Member

1 - 3 of 3

1

Previous Topic Next Topic

Home Hashtags Subgroups Terms