Re: [PATCH] hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet()

2020-10-15 Thread Gerd Hoffmann
Hi,

> So I think the patch works fine, and I don't think we need to do
> anything fancier.

Cool, thanks for checking.

take care,
  Gerd

Re: [PATCH] hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet()

2020-10-15 Thread Paul Zimmerman
On Wed, Oct 14, 2020 at 12:55 PM Mauro Matteo Cascella wrote:
>
> On Tue, Oct 13, 2020 at 10:41 AM Gerd Hoffmann wrote:
> >
> > > > Also: What would be the effect of simply returning here? Would dwc2
> > > > emulation simply stop processing queues? Should we maybe raise an
> > > > error IRQ?
> >

Re: [PATCH] hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet()

2020-10-14 Thread Mauro Matteo Cascella
On Tue, Oct 13, 2020 at 10:41 AM Gerd Hoffmann wrote:
>
> On Tue, Oct 13, 2020 at 12:19:40AM -0700, Paul Zimmerman wrote:
> > I sent you a patch to fix up several assert()s, including that one, about a
> > month ago. Did you miss it?
> > https://lore.kernel.org/qemu-devel/20200920021449.830-1-paul

Re: [PATCH] hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet()

2020-10-14 Thread Gerd Hoffmann
Hi,

> I sent you a patch to fix up several assert()s, including that one, about a
> month ago. Did you miss it?
> https://lore.kernel.org/qemu-devel/20200920021449.830-1-pauld...@gmail.com

Seems I missed that, or deleted by accident. Added to qemu queue now.

thanks,
  Gerd

Re: [PATCH] hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet()

2020-10-13 Thread Gerd Hoffmann
On Tue, Oct 13, 2020 at 12:19:40AM -0700, Paul Zimmerman wrote:
> I sent you a patch to fix up several assert()s, including that one, about a
> month ago. Did you miss it?
> https://lore.kernel.org/qemu-devel/20200920021449.830-1-pauld...@gmail.com

I'll check. There is a bunch of pending stuff in

Re: [PATCH] hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet()

2020-10-13 Thread Paul Zimmerman
Hi Gerd, On Tue, Oct 13, 2020 at 12:04 AM Gerd Hoffmann wrote: > > > > +if (mps == 0) { > > > +qemu_log_mask(LOG_GUEST_ERROR, > > > +"%s: Bad HCCHAR_MPS set to zero\n", __func__); > > > +return; > > > +} > > > I think it would be better

Re: [PATCH] hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet()

2020-10-13 Thread Gerd Hoffmann
> > +if (mps == 0) { > > +qemu_log_mask(LOG_GUEST_ERROR, > > +"%s: Bad HCCHAR_MPS set to zero\n", __func__); > > +return; > > +} > I think it would be better to move this check earlier in the function, > just after 'mps' is read from the
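
Review bot: in the `mps == 0` branch the function only logs and then executes a bare `return;`, and nothing in the quoted lines completes the transfer or signals an error to the guest, so a driver that programmed a zero HCCHAR_MPS may be left waiting on that channel; either report the failure through the channel's usual error path or add a comment stating why returning silently is safe. The log text `"%s: Bad HCCHAR_MPS set to zero\n"` carries only `__func__`; including the channel number, if it is in scope at this point, would tell the reader which host channel the guest misprogrammed.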

Re: [PATCH] hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet()

2020-10-12 Thread Paul Zimmerman
On Mon, Oct 12, 2020 at 8:05 AM Mauro Matteo Cascella wrote:
>
> Check the value of mps before it is used as divisor. Since HCCHAR_MPS is guest
> controllable, this prevents a malicious/buggy guest from crashing the QEMU
> process on the host.
>
> Signed-off-by: Mauro Matteo Cascella
> Reported-b

[PATCH] hw/usb/hcd-dwc2: fix divide-by-zero in dwc2_handle_packet()

2020-10-12 Thread Mauro Matteo Cascella
Check the value of mps before it is used as divisor. Since HCCHAR_MPS is guest
controllable, this prevents a malicious/buggy guest from crashing the QEMU
process on the host.

Signed-off-by: Mauro Matteo Cascella
Reported-by: Gaoning Pan
Reported-by: Xingwei Lin
---
 hw/usb/hcd-dwc2.c | 6 ++