Re: [PATCH v2 1/2] ait-vga: check address before reading configuration bytes

2020-06-04 Thread Michael S. Tsirkin
On Thu, Jun 04, 2020 at 02:48:59PM +0530, P J P wrote: > Hello Phil, > > +-- On Thu, 4 Jun 2020, Philippe Mathieu-Daudé wrote --+ > | >> @@ -1381,6 +1381,8 @@ uint32_t pci_default_read_config(PCIDevice *d, > | >> +    assert(address + len <= pci_config_size(d)); > | > | Yes, maybe I was not

Re: [PATCH v2 1/2] ait-vga: check address before reading configuration bytes

2020-06-04 Thread P J P
Hello Phil, +-- On Thu, 4 Jun 2020, Philippe Mathieu-Daudé wrote --+ | >> @@ -1381,6 +1381,8 @@ uint32_t pci_default_read_config(PCIDevice *d, | >> +    assert(address + len <= pci_config_size(d)); | | Yes, maybe I was not clear while reviewing v1, we need to audit the | callers and fix them fi

Re: [PATCH v2 1/2] ait-vga: check address before reading configuration bytes

2020-06-04 Thread Daniel P . Berrangé
Typo: s/ait/ati/ On Thu, Jun 04, 2020 at 01:52:50AM +0530, P J P wrote: > From: Prasad J Pandit > > While reading PCI configuration bytes, a guest may send an > address towards the end of the configuration space. It may lead > to an OOB access issue. Add check to ensure 'address + size' is > wit

Re: [PATCH v2 1/2] ait-vga: check address before reading configuration bytes

2020-06-03 Thread BALATON Zoltan
On Thu, 4 Jun 2020, P J P wrote: From: Prasad J Pandit While reading PCI configuration bytes, a guest may send an address towards the end of the configuration space. It may lead to an OOB access issue. Add check to ensure 'address + size' is within PCI configuration space. Reported-by: Ren Din

[PATCH v2 1/2] ait-vga: check address before reading configuration bytes

2020-06-03 Thread P J P
From: Prasad J Pandit While reading PCI configuration bytes, a guest may send an address towards the end of the configuration space. It may lead to an OOB access issue. Add check to ensure 'address + size' is within PCI configuration space. Reported-by: Ren Ding Reported-by: Hanqing Zhao Repor