Backport of:
From 921604e175b8ec06c39503310e7b3ec1e3eafe9e Mon Sep 17 00:00:00 2001
From: Prasad J Pandit
Date: Tue, 11 Aug 2020 17:11:30 +0530
Subject: [PATCH] spapr_pci: add spapr msi read method
Add spapr msi mmio read method to avoid NULL pointer dereference issue.
Reported-by: Lei Sun
Acked-by: David Gibson
Reviewed-by: Li Qiang
Signed-off-by: Prasad J Pandit
Message-Id: <20200811114133.672647-7-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini
CVE: CVE-2020-15469
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/qemu/tree/debian/patches/CVE-2020-15469-6.patch?h=ubuntu/focal-security Upstream commit https://github.com/qemu/qemu/commit/921604e175b8ec06c39503310e7b3ec1e3eafe9e]
Signed-off-by: Chee Yang Lee
---
 hw/ppc/spapr_pci.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
--- a/hw/ppc/spapr_pci.c
+++ b/hw/ppc/spapr_pci.c
@@ -52,6 +52,7 @@
 #include "sysemu/kvm.h"
 #include "sysemu/hostmem.h"
 #include "sysemu/numa.h"
+#include "qemu/log.h"
 /* Copied from the kernel arch/powerpc/platforms/pseries/msi.c */
 #define RTAS_QUERY_FN 0
@@ -738,6 +739,12 @@ static PCIINTxRoute spapr_route_intx_pin
 return route;
 }
+static uint64_t spapr_msi_read(void *opaque, hwaddr addr, unsigned size)
+{
+ qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid access\n", __func__);
+ return 0;
+}
+
 /*
 * MSI/MSIX memory region implementation.
 * The handler handles both MSI and MSIX.
@@ -755,8 +762,11 @@ static void spapr_msi_write(void *opaque
 }
 static const MemoryRegionOps spapr_msi_ops = {
- /* There is no .read as the read result is undefined by PCI spec */
- .read = NULL,
+ /*
+ * .read result is undefined by PCI spec.
+ * define .read method to avoid assert failure in memory_region_init_io
+ */
+ .read = spapr_msi_read,
 .write = spapr_msi_write,
 .endianness = DEVICE_LITTLE_ENDIAN
 };
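Review bot: The message logged by `spapr_msi_read` in the second hunk records neither the address nor the access size, so a LOG_GUEST_ERROR trace cannot tell a single stray read apart from a guest repeatedly touching the MSI window. Consider `qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid read at 0x%" HWADDR_PRIx ", size %u\n", __func__, addr, size);`, which also uses the otherwise unused `addr` and `size` parameters. The function has no comment of its own; a line such as `/* Reads of the MSI window are undefined by the PCI spec; log the access and return 0. */` would record why a fixed 0 is returned.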
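Review bot: The new comment on `.read` in `spapr_msi_ops` (third hunk) gives a different reason from the commit message: the comment says the method avoids an assert failure in memory_region_init_io, while the description says it avoids a NULL pointer dereference. memory_region_init_io is not part of this patch, so which wording is accurate cannot be confirmed from here, but the comment should name the failure that a guest read would actually reach, since that is what the CVE fix is about. Suggested wording, if the description is the accurate one: `/* .read result is undefined by PCI spec; a handler is still provided so that a guest read never dispatches through a NULL callback. */`.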