From 42e4126b793d15ec40f3a84017e1d8afecda1b6d Mon Sep 17 00:00:00 2001
From: Jan Kiszka <jan.kiszka@siemens.com>
Date: Fri, 22 Jul 2011 11:05:01 +0200
Subject: pci: Common overflow prevention

Introduce pci_config_read/write_common helpers to prevent passing
accesses down the callback chain that go beyond the config space limits.
Adjust length assertions as they are no longer correct (cutting may
generate valid 3 byte accesses).

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
 hw/pcie_host.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

(limited to 'hw/pcie_host.c')

diff --git a/hw/pcie_host.c b/hw/pcie_host.c
index b7498656f2..f0b3d13aae 100644
--- a/hw/pcie_host.c
+++ b/hw/pcie_host.c
@@ -57,22 +57,22 @@ static void pcie_mmcfg_data_write(PCIBus *s,
 {
     PCIDevice *pci_dev = pcie_dev_find_by_mmcfg_addr(s, mmcfg_addr);
 
-    if (!pci_dev)
+    if (!pci_dev) {
         return;
-
-    pci_dev->config_write(pci_dev,
-                          PCIE_MMCFG_CONFOFFSET(mmcfg_addr), val, len);
+    }
+    pci_host_config_write_common(pci_dev, PCIE_MMCFG_CONFOFFSET(mmcfg_addr),
+                                 pci_config_size(pci_dev), val, len);
 }
 
 static uint32_t pcie_mmcfg_data_read(PCIBus *s, uint32_t addr, int len)
 {
     PCIDevice *pci_dev = pcie_dev_find_by_mmcfg_addr(s, addr);
 
-    assert(len == 1 || len == 2 || len == 4);
     if (!pci_dev) {
         return ~0x0;
     }
-    return pci_dev->config_read(pci_dev, PCIE_MMCFG_CONFOFFSET(addr), len);
+    return pci_host_config_read_common(pci_dev, PCIE_MMCFG_CONFOFFSET(addr),
+                                       pci_config_size(pci_dev), len);
 }
 
 static void pcie_mmcfg_data_writeb(void *opaque,
-- 
cgit v1.2.3