diff options
| author | David Gibson <david@gibson.dropbear.id.au> | 2012-01-11 19:46:26 +0000 |
|---|---|---|
| committer | Alexander Graf <agraf@suse.de> | 2012-01-21 05:17:02 +0100 |
| commit | c9c3c80af71dd2b7813d1ada9b14cb51df584221 (patch) | |
| tree | c44c4eb2f0bc79d92142dd93ca2347bfa5fe7096 | |
| parent | 3f7565c957c14e4600d471791fca8e534c1ad0b7 (diff) | |
| download | qemu-c9c3c80af71dd2b7813d1ada9b14cb51df584221.tar.gz | |
pseries: Use correct dispatcher for PCI config space accesses
The pseries machine expects a para-virtualized guest and so supplies RTAS
functions (via a hypercall) for performing PCI config space access.
Currently the implementation of these calls into
pci_default_{read,write}_config(). However this would be incorrect for
any PCI device which overrides the default config read/write functions.
AFAICT there's only one such device today, but we should still get it
right. In addition the pci_host_config_{read,write}_common() functions
which do correctly do this dispatch, perform bounds checking on the config
space address, lack of which currently leads to an exploitable bug.
This patch corrects the problem.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Alexander Graf <agraf@suse.de>
| -rw-r--r-- | hw/spapr_pci.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/hw/spapr_pci.c b/hw/spapr_pci.c index 2550e197c8..f3f9246ee0 100644 --- a/hw/spapr_pci.c +++ b/hw/spapr_pci.c @@ -82,7 +82,7 @@ static void rtas_ibm_read_pci_config(sPAPREnvironment *spapr, } size = rtas_ld(args, 3); addr = rtas_pci_cfgaddr(rtas_ld(args, 0)); - val = pci_default_read_config(dev, addr, size); + val = pci_host_config_read_common(dev, addr, pci_config_size(dev), size); rtas_st(rets, 0, 0); rtas_st(rets, 1, val); } @@ -101,7 +101,7 @@ static void rtas_read_pci_config(sPAPREnvironment *spapr, } size = rtas_ld(args, 1); addr = rtas_pci_cfgaddr(rtas_ld(args, 0)); - val = pci_default_read_config(dev, addr, size); + val = pci_host_config_read_common(dev, addr, pci_config_size(dev), size); rtas_st(rets, 0, 0); rtas_st(rets, 1, val); } @@ -122,7 +122,7 @@ static void rtas_ibm_write_pci_config(sPAPREnvironment *spapr, val = rtas_ld(args, 4); size = rtas_ld(args, 3); addr = rtas_pci_cfgaddr(rtas_ld(args, 0)); - pci_default_write_config(dev, addr, val, size); + pci_host_config_write_common(dev, addr, pci_config_size(dev), val, size); rtas_st(rets, 0, 0); } @@ -141,7 +141,7 @@ static void rtas_write_pci_config(sPAPREnvironment *spapr, val = rtas_ld(args, 2); size = rtas_ld(args, 1); addr = rtas_pci_cfgaddr(rtas_ld(args, 0)); - pci_default_write_config(dev, addr, val, size); + pci_host_config_write_common(dev, addr, pci_config_size(dev), val, size); rtas_st(rets, 0, 0); } |