From 94b28b9158b1ea96b2dbfefe9b79e38fc6a35a9c Mon Sep 17 00:00:00 2001 From: Andrew Scull Date: Thu, 21 Apr 2022 16:11:01 +0000 Subject: [PATCH] virtio: pci: Bounds check device config access The device config is optional, so check it was present and mapped before trying to use the pointer. Bounds violations are an error, not just a warning, so bail if the checks fail. Signed-off-by: Andrew Scull Reviewed-by: Bin Meng --- drivers/virtio/virtio_pci_modern.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/drivers/virtio/virtio_pci_modern.c b/drivers/virtio/virtio_pci_modern.c index 55d25cb81b..bcf9f18997 100644 --- a/drivers/virtio/virtio_pci_modern.c +++ b/drivers/virtio/virtio_pci_modern.c @@ -114,7 +114,11 @@ static int virtio_pci_get_config(struct udevice *udev, unsigned int offset, __le16 w; __le32 l; - WARN_ON(offset + len > priv->device_len); + if (!priv->device) + return -ENOSYS; + + if (offset + len > priv->device_len) + return -EINVAL; switch (len) { case 1: @@ -136,7 +140,7 @@ static int virtio_pci_get_config(struct udevice *udev, unsigned int offset, memcpy(buf + sizeof(l), &l, sizeof(l)); break; default: - WARN_ON(true); + return -EINVAL; } return 0; @@ -150,7 +154,11 @@ static int virtio_pci_set_config(struct udevice *udev, unsigned int offset, __le16 w; __le32 l; - WARN_ON(offset + len > priv->device_len); + if (!priv->device) + return -ENOSYS; + + if (offset + len > priv->device_len) + return -EINVAL; switch (len) { case 1: @@ -172,7 +180,7 @@ static int virtio_pci_set_config(struct udevice *udev, unsigned int offset, iowrite32(le32_to_cpu(l), priv->device + offset + sizeof(l)); break; default: - WARN_ON(true); + return -EINVAL; } return 0; -- 2.39.5