Re: [PATCH v2 13/13] hw/intc/arm_gicv3_its: Range-check ICID before inde

qemu-arm

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 13/13] hw/intc/arm_gicv3_its: Range-check ICID before inde

From:	Richard Henderson
Subject:	Re: [PATCH v2 13/13] hw/intc/arm_gicv3_its: Range-check ICID before indexing into collection table
Date:	Fri, 28 Jan 2022 12:44:12 +1100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0

On 1/12/22 04:10, Peter Maydell wrote:

In process_its_cmd(), we read an ICID out of the interrupt table
entry, and then use it as an index into the collection table.  Add a
check that it is within range for the collection table first.

This check is not strictly necessary, because:
  * we range check the ICID from the guest before writing it into
    the interrupt table entry, so the the only way to get an
    out of range ICID in process_its_cmd() is if a badly-behaved
    guest is writing directly to the interrupt table memory
  * the collection table is in guest memory, so QEMU won't fall
    over if we read off the end of it

However, it seems clearer to include the check.

Signed-off-by: Peter Maydell<peter.maydell@linaro.org>
---
  hw/intc/arm_gicv3_its.c | 7 +++++++
  1 file changed, 7 insertions(+)


Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH v2 01/13] hw/intc/arm_gicv3_its: Fix event ID bounds checks, (continued)
- [PATCH v2 03/13] hw/intc/arm_gicv3_its: Fix handling of process_its_cmd() return value, Peter Maydell, 2022/01/11
- [PATCH v2 05/13] hw/intc/arm_gicv3_its: Use enum for return value of process_* functions, Peter Maydell, 2022/01/11
- [PATCH v2 07/13] hw/intc/arm_gicv3_its: Refactor process_its_cmd() to reduce nesting, Peter Maydell, 2022/01/11
- [PATCH v2 10/13] hw/intc/arm_gicv3_its: Fix return codes in process_mapd(), Peter Maydell, 2022/01/11
- [PATCH v2 09/13] hw/intc/arm_gicv3_its: Fix return codes in process_mapc(), Peter Maydell, 2022/01/11
- [PATCH v2 11/13] hw/intc/arm_gicv3_its: Factor out "find address of table entry" code, Peter Maydell, 2022/01/11
  - Re: [PATCH v2 11/13] hw/intc/arm_gicv3_its: Factor out "find address of table entry" code, Alex Bennée, 2022/01/18
- [PATCH v2 13/13] hw/intc/arm_gicv3_its: Range-check ICID before indexing into collection table, Peter Maydell, 2022/01/11
  - Re: [PATCH v2 13/13] hw/intc/arm_gicv3_its: Range-check ICID before indexing into collection table, Alex Bennée, 2022/01/18
  - Re: [PATCH v2 13/13] hw/intc/arm_gicv3_its: Range-check ICID before indexing into collection table, Richard Henderson <=
- [PATCH v2 12/13] hw/intc/arm_gicv3_its: Check indexes before use, not after, Peter Maydell, 2022/01/11
  - Re: [PATCH v2 12/13] hw/intc/arm_gicv3_its: Check indexes before use, not after, Alex Bennée, 2022/01/18
  - Re: [PATCH v2 12/13] hw/intc/arm_gicv3_its: Check indexes before use, not after, Richard Henderson, 2022/01/27
- Re: [PATCH v2 00/13] arm gicv3 ITS: Various bug fixes and refactorings, Alex Bennée, 2022/01/18
  - Re: [PATCH v2 00/13] arm gicv3 ITS: Various bug fixes and refactorings, Peter Maydell, 2022/01/18
    - Re: [PATCH v2 00/13] arm gicv3 ITS: Various bug fixes and refactorings, Andre Przywara, 2022/01/18
    - Re: [PATCH v2 00/13] arm gicv3 ITS: Various bug fixes and refactorings, Peter Maydell, 2022/01/19
    - Re: [PATCH v2 00/13] arm gicv3 ITS: Various bug fixes and refactorings, Andre Przywara, 2022/01/19

Prev by Date: Re: [PATCH v2 12/13] hw/intc/arm_gicv3_its: Check indexes before use, not after
Next by Date: Re: [PATCH 01/14] target/arm: Log CPU index in 'Taking exception' log
Previous by thread: Re: [PATCH v2 13/13] hw/intc/arm_gicv3_its: Range-check ICID before indexing into collection table
Next by thread: [PATCH v2 12/13] hw/intc/arm_gicv3_its: Check indexes before use, not after
Index(es):
- Date
- Thread