On Wed, Jun 23, 2021 at 08:00:14PM +0200, Philippe Mathieu-Daudé wrote:
> Multiple commands have to check the address requested is valid.

check that the

> Extract this code pattern as a new address_in_range() helper, and
> log invalid accesses as guest errors.
>
> Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
> --- > hw/sd/sd.c | 32 ++++++++++++++++++++------------ > 1 file changed, 20 insertions(+), 12 deletions(-) > > diff --git a/hw/sd/sd.c b/hw/sd/sd.c > index d8fdf84f4db..9c8dd11bad1 100644 > --- a/hw/sd/sd.c > +++ b/hw/sd/sd.c > @@ -937,6 +937,18 @@ static void sd_lock_command(SDState *sd) > sd->card_status &= ~CARD_IS_LOCKED; > } > > +static bool address_in_range(SDState *sd, const char *desc, > + uint64_t addr, uint32_t length) > +{ > + if (addr + length > sd->size) { > + qemu_log_mask(LOG_GUEST_ERROR, "%s offset %lu > card %lu [%%%u]\n", > + desc, addr, sd->size, length);

For a (fictitiously small) device with 2048 bytes and a read request of 2k at offset 1k, this results in the odd message:

  READ_BLOCK offset 1024 > card 2048 [%2048]

Would it be any better as:

  "%s offset+length %lu+%lu > card size %lu\n"

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org
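
Review bot: in address_in_range(), the bound test `addr + length > sd->size` adds a uint32_t to a uint64_t, so the sum wraps for any addr within length of UINT64_MAX and such a request would pass the check instead of being rejected. Writing it without the addition, for example `length > sd->size || addr > sd->size - length`, keeps the comparison exact for every input. Separately, the qemu_log_mask() call formats the uint64_t addr with `%lu`, which is only 64 bits wide on LP64 hosts; `PRIu64` matches the declared type on all of them.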