hv: validate inputs in vpci_mmio_cfg_access

This function is registered as the PCI MMIO configuration
  access handler, which processes PCI configuration access
  requests from ACRN guests; hence the inputs shall be validated
  to avoid a potential hypervisor crash when handling inputs
  from malicious guests.

Tracked-On: #7902
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>
Yonghua Huang 2022-07-22 06:39:48 +03:00 committed by acrnsi-robot
parent 83164d6030
commit 95a938e50a


@ -192,10 +192,17 @@ static int32_t vpci_mmio_cfg_access(struct io_request *io_req, void *private_dat
bdf.value = (uint16_t)((address - pci_mmcofg_base) >> 12U); bdf.value = (uint16_t)((address - pci_mmcofg_base) >> 12U);
if (mmio->direction == ACRN_IOREQ_DIR_READ) { if (mmio->direction == ACRN_IOREQ_DIR_READ) {
ret = vpci_read_cfg(vpci, bdf, reg_num, (uint32_t)mmio->size, (uint32_t *)&mmio->value); uint32_t val = ~0U;
if (pci_is_valid_access(reg_num, (uint32_t)mmio->size)) {
ret = vpci_read_cfg(vpci, bdf, reg_num, (uint32_t)mmio->size, &val);
}
mmio->value = val;
} else { } else {
if (pci_is_valid_access(reg_num, (uint32_t)mmio->size)) {
ret = vpci_write_cfg(vpci, bdf, reg_num, (uint32_t)mmio->size, (uint32_t)mmio->value); ret = vpci_write_cfg(vpci, bdf, reg_num, (uint32_t)mmio->size, (uint32_t)mmio->value);
} }
}
return ret; return ret;
} }
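Review bot: When `pci_is_valid_access()` rejects the guest's offset/size, both branches fall through with `ret` unchanged, so the status returned for a malformed access is whatever `ret` was initialised to above the hunk (the declaration is not visible here). That should be confirmed as the intended result and stated next to the checks. I would add a comment above the read-side check such as `/* Guest-controlled reg_num/size: an invalid access reads back all-ones and an invalid write is dropped. */`. The new check covers only `reg_num` and `mmio->size`; `bdf.value` is still derived from `address - pci_mmcofg_base` through a truncating `(uint16_t)` cast, so it presumably relies on the registered MMIO range to bound `address`, which deserves a one-line comment if that is the case. The function body starts outside the hunk.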