Youness Alaoui has uploaded this change for review.

View Change

rpci: Use pci_dev struct pointer to avoid API breaks

The pci_dev structure is never meant to be used as is, but always as a
pointer. By using the struct itself in undo_pci_write_data, we are risking
data corruption, or buffer overflows if the structure size changes.

This is especially apparent on my system where flashrom segfaults
because I compile it with pciutils 3.3.0 and I run it on a system
with pciutils 3.5.2. The struture size is different and causes a
struct with the wrong size to be sent to the library, with invalid
internal field values.

This has been discovered and discussed in Change ID 18925 [1]

[1] https://review.coreboot.org/#/c/18925/

Change-Id: Icde2e587992ba964d4ff92c33aa659850ba06298
Signed-off-by: Youness Alaoui <kakaroto@kakaroto.homelinux.net>
---
M pcidev.c
1 file changed, 7 insertions(+), 6 deletions(-)

git pull ssh://review.coreboot.org:29418/flashrom refs/changes/84/20784/1
diff --git a/pcidev.c b/pcidev.c
index 2c78063..7a211e8 100644
--- a/pcidev.c
+++ b/pcidev.c
@@ -259,7 +259,7 @@
};

struct undo_pci_write_data {
- struct pci_dev dev;
+ struct pci_dev * dev;
int reg;
enum pci_write_type type;
union {
@@ -278,16 +278,16 @@
return 1;
}
msg_pdbg("Restoring PCI config space for %02x:%02x:%01x reg 0x%02x\n",
- data->dev.bus, data->dev.dev, data->dev.func, data->reg);
+ data->dev->bus, data->dev->dev, data->dev->func, data->reg);
switch (data->type) {
case pci_write_type_byte:
- pci_write_byte(&data->dev, data->reg, data->bytedata);
+ pci_write_byte(data->dev, data->reg, data->bytedata);
break;
case pci_write_type_word:
- pci_write_word(&data->dev, data->reg, data->worddata);
+ pci_write_word(data->dev, data->reg, data->worddata);
break;
case pci_write_type_long:
- pci_write_long(&data->dev, data->reg, data->longdata);
+ pci_write_long(data->dev, data->reg, data->longdata);
break;
}
/* p was allocated in register_undo_pci_write. */
@@ -303,7 +303,8 @@
msg_gerr("Out of memory!\n"); \
exit(1); \
} \
- undo_pci_write_data->dev = *a; \
+ undo_pci_write_data->dev = pci_get_dev(pacc, \
+ a->domain, a->bus, a->dev, a->func); \
undo_pci_write_data->reg = b; \
undo_pci_write_data->type = pci_write_type_##c; \
undo_pci_write_data->c##data = pci_read_##c(dev, reg); \

To view, visit change 20784. To unsubscribe, visit settings.

Gerrit-Project: flashrom
Gerrit-Branch: staging
Gerrit-MessageType: newchange
Gerrit-Change-Id: Icde2e587992ba964d4ff92c33aa659850ba06298
Gerrit-Change-Number: 20784
Gerrit-PatchSet: 1
Gerrit-Owner: Youness Alaoui <snifikino@gmail.com>