Ping... It makes sense, as when we use 'memory_region_read_accessor' we check mr->ops->read, but when we use 'memory_region_read_with_attrs_accessor', we don't check this.
Thanks,
Li Qiang

Li Qiang <liq...@gmail.com> wrote on Tue, Nov 13, 2018 at 9:42 AM:

> This can avoid the NULL-deref if the rm doesn't have a
> read/write nor write/read_with_attrs callback.
>
> Signed-off-by: Li Qiang <liq...@gmail.com>
> ---
> memory.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/memory.c b/memory.c > index d14c6dec1d..3baf5857b9 100644 > --- a/memory.c > +++ b/memory.c > @@ -1377,13 +1377,15 @@ static MemTxResult > memory_region_dispatch_read1(MemoryRegion *mr, > mr->ops->impl.max_access_size, > memory_region_read_accessor, > mr, attrs); > - } else { > + } else if (mr->ops->read_with_attrs) { > return access_with_adjusted_size(addr, pval, size, > mr->ops->impl.min_access_size, > mr->ops->impl.max_access_size, > > memory_region_read_with_attrs_accessor, > mr, attrs); > } > + > + return MEMTX_DECODE_ERROR; > } > > MemTxResult memory_region_dispatch_read(MemoryRegion *mr, > @@ -1454,7 +1456,7 @@ MemTxResult > memory_region_dispatch_write(MemoryRegion *mr, > mr->ops->impl.max_access_size, > memory_region_write_accessor, mr, > attrs); > - } else { > + } else if (mr->ops->write_with_attrs) { > return > access_with_adjusted_size(addr, &data, size, > mr->ops->impl.min_access_size, > @@ -1462,6 +1464,8 @@ MemTxResult > memory_region_dispatch_write(MemoryRegion *mr, > > memory_region_write_with_attrs_accessor, > mr, attrs); > } > + > + return MEMTX_DECODE_ERROR; > } > > void memory_region_init_io(MemoryRegion *mr, > -- > 2.11.0 > >
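
Review bot: In the memory_region_dispatch_read1() hunk, the new fall-through `return MEMTX_DECODE_ERROR;` returns without writing through `pval`, so a caller that does not check the MemTxResult would consume whatever the destination held before the call. Store a defined value in `*pval` before returning, or add a comment stating that callers must check the result before using the data.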
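
Review bot: In the memory_region_dispatch_write() hunks, the added `else if (mr->ops->write_with_attrs)` test is evaluated on every access, although whether a region has neither `write` nor `write_with_attrs` is fixed once its ops are registered. Consider flagging such ops where the region is set up (memory_region_init_io is visible in the trailing context), and put a one-line comment on the added `return MEMTX_DECODE_ERROR;` saying it covers the no-callback case. The commit message would also be stronger if it named the access path that reaches the NULL callback.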