P J P <[email protected]> wrote on Thu, 27 Aug 2020 at 19:52:
>
> From: Prasad J Pandit <[email protected]>
>
> While mapping IRQ level in pci_change_irq_level() routine,
> it does not check if pci_get_bus() returned a valid pointer.
> It may lead to a NULL pointer dereference issue. Add check to
> avoid it.
>
> -> https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Flsi_nullptr1
> ==1183858==Hint: address points to the zero page.
> #0 pci_change_irq_level hw/pci/pci.c:259
> #1 pci_irq_handler hw/pci/pci.c:1445
> #2 pci_set_irq hw/pci/pci.c:1463
> #3 lsi_set_irq hw/scsi/lsi53c895a.c:488
> #4 lsi_update_irq hw/scsi/lsi53c895a.c:523
> #5 lsi_script_scsi_interrupt hw/scsi/lsi53c895a.c:554
> #6 lsi_execute_script hw/scsi/lsi53c895a.c:1149
> #7 lsi_reg_writeb hw/scsi/lsi53c895a.c:1984
> #8 lsi_io_write hw/scsi/lsi53c895a.c:2146
> ...
>
> Reported-by: Ruhr-University <[email protected]>
> Signed-off-by: Prasad J Pandit <[email protected]>
> ---
> hw/pci/pci.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/hw/pci/pci.c b/hw/pci/pci.c
> index de0fae10ab..df5a2c3294 100644
> --- a/hw/pci/pci.c
> +++ b/hw/pci/pci.c
> @@ -253,6 +253,9 @@ static void pci_change_irq_level(PCIDevice *pci_dev, int
> irq_num, int change)
> PCIBus *bus;
> for (;;) {
> bus = pci_get_bus(pci_dev);
> + if (!bus) {

Hi Prasad,

I think normally this 'bus' will not be NULL. I have looked at the link in the commit msg. I find it is another DMA to MMIO issue which we have discussed a lot but didn't come up with a satisfying solution.

Maybe we can try the DMA to MMIO issue direction.

CC: Peter, Jason and Alex

Thanks,
Li Qiang

> + return;
> + }
> irq_num = bus->map_irq(pci_dev, irq_num);
> if (bus->set_irq)
> break;
> --
> 2.26.2
>
>
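Review bot: The early `return` added under `+ if (!bus) {` silently discards the IRQ level change (the loop never reaches the `bus->set_irq` break), and neither the new code nor the commit message states under which condition pci_get_bus() can return NULL for a device that is in the middle of raising an interrupt through lsi_set_irq -> pci_set_irq -> pci_irq_handler. If, as the reply in this thread suggests, the NULL bus is a symptom of a DMA-to-MMIO re-entrancy problem rather than a legitimate device state, a bare return hides the root cause instead of fixing it. Please document the triggering condition in a comment above the check and in the commit message, and consider an assert()-style check so the inconsistent state is reported rather than ignored.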
