On the pseries platform, access to PCI config space is via RTAS calls(
which go to the hypervisor) rather than MMIO. This means we don't use
the same code path as nearly everyone else which goes through pci_host.c
and we're missing some of the parameter checking along the way.
We do have some parameter checking in the RTAS calls, but it's not enough.
It checks for overruns, but does not check for unaligned accesses,
oversized accesses (which means the guest could trigger an assertion
failure from pci_host_config_{read,write}_common(). Worse it doesn't do
the basic checking for the number of RTAS arguments and results before
accessing them.
This patch fixes these bugs.
Cc: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
[AF: Fix typos spotted by mst] Signed-off-by: Andreas Färber <afaerber@suse.de>
projects / mirror_qemu.git / commit