Youness Alaoui has uploaded this change for review.

View Change

rpci: Use pci_dev struct pointer to avoid API breaks

The pci_dev structure is never meant to be used as is, but always as a
pointer. By using the struct itself in undo_pci_write_data, we are risking
data corruption, or buffer overflows if the structure size changes.

This is especially apparent on my system where flashrom segfaults
because I compile it with pciutils 3.3.0 and I run it on a system
with pciutils 3.5.2. The struture size is different and causes a
struct with the wrong size to be sent to the library, with invalid
internal field values.

This has been discovered and discussed in Change ID 18925 [1]

[1] https://review.coreboot.org/#/c/18925/

Change-Id: Icde2e587992ba964d4ff92c33aa659850ba06298
Signed-off-by: Youness Alaoui <kakaroto@kakaroto.homelinux.net>
---
M pcidev.c
1 file changed, 7 insertions(+), 6 deletions(-)

git pull ssh://review.coreboot.org:29418/flashrom refs/changes/84/20784/1
diff --git a/pcidev.c b/pcidev.c
index 2c78063..7a211e8 100644
--- a/pcidev.c
+++ b/pcidev.c
@@ -259,7 +259,7 @@
 };
 
 struct undo_pci_write_data {
-	struct pci_dev dev;
+	struct pci_dev * dev;
 	int reg;
 	enum pci_write_type type;
 	union {
@@ -278,16 +278,16 @@
 		return 1;
 	}
 	msg_pdbg("Restoring PCI config space for %02x:%02x:%01x reg 0x%02x\n",
-		 data->dev.bus, data->dev.dev, data->dev.func, data->reg);
+		 data->dev->bus, data->dev->dev, data->dev->func, data->reg);
 	switch (data->type) {
 	case pci_write_type_byte:
-		pci_write_byte(&data->dev, data->reg, data->bytedata);
+		pci_write_byte(data->dev, data->reg, data->bytedata);
 		break;
 	case pci_write_type_word:
-		pci_write_word(&data->dev, data->reg, data->worddata);
+		pci_write_word(data->dev, data->reg, data->worddata);
 		break;
 	case pci_write_type_long:
-		pci_write_long(&data->dev, data->reg, data->longdata);
+		pci_write_long(data->dev, data->reg, data->longdata);
 		break;
 	}
 	/* p was allocated in register_undo_pci_write. */
@@ -303,7 +303,8 @@
 		msg_gerr("Out of memory!\n");				\
 		exit(1);						\
 	}								\
-	undo_pci_write_data->dev = *a;					\
+	undo_pci_write_data->dev =  pci_get_dev(pacc,			\
+             a->domain, a->bus, a->dev, a->func);			\
 	undo_pci_write_data->reg = b;					\
 	undo_pci_write_data->type = pci_write_type_##c;			\
 	undo_pci_write_data->c##data = pci_read_##c(dev, reg);		\

To view, visit change 20784. To unsubscribe, visit settings.

Gerrit-Project: flashrom
Gerrit-Branch: staging
Gerrit-MessageType: newchange
Gerrit-Change-Id: Icde2e587992ba964d4ff92c33aa659850ba06298
Gerrit-Change-Number: 20784
Gerrit-PatchSet: 1
Gerrit-Owner: Youness Alaoui <snifikino@gmail.com>