author | Youness Alaoui <kakaroto@kakaroto.homelinux.net> | 2017-07-26 18:03:36 -0400 |
---|---|---|
committer | Nico Huber <nico.h@gmx.de> | 2017-08-10 15:18:11 +0000 |
commit | a54ceb1dbe76e76ca8701dbda3e5baf011b16d6d (patch) | |
tree | f27ce3b104511a8b1598e77858cb42b41cb5e515 /chipset_enable.c | |
parent | 67d71792929f94d4638a3663f2fc19aea4918681 (diff) | |
rpci: Use pci_dev struct pointer to avoid API breaks
The pci_dev structure is never meant to be used as is, but always as a
pointer. By using the struct itself in undo_pci_write_data, we are risking
data corruption, or buffer overflows if the structure size changes.
This is especially apparent on my system where flashrom segfaults
because I compile it with pciutils 3.3.0 and I run it on a system
with pciutils 3.5.2. The structure size is different and causes a
struct with the wrong size to be sent to the library, with invalid
internal field values.
This has been discovered and discussed in Change ID 18925 [1]
[1] https://review.coreboot.org/#/c/18925/
Change-Id: Icde2e587992ba964d4ff92c33aa659850ba06298
Signed-off-by: Youness Alaoui <kakaroto@kakaroto.homelinux.net>
Reviewed-on: https://review.coreboot.org/20784
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Diffstat (limited to 'chipset_enable.c')
-rw-r--r-- | chipset_enable.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/chipset_enable.c b/chipset_enable.c
index 20d266200..6a93d0d57 100644
--- a/chipset_enable.c
+++ b/chipset_enable.c
@@ -843,6 +843,7 @@ static int enable_flash_pch100(struct pci_dev *const dev, const char *const name
 * straints (e.g. on PCI domains, extended PCIe config space).
 */
 struct pci_access *const pci_acc = pci_alloc();
+ struct pci_access *const saved_pacc = pacc;
 if (!pci_acc) {
 msg_perr("Can't allocate PCI accessor.\n");
 return ret;
@@ -857,6 +858,9 @@ static int enable_flash_pch100(struct pci_dev *const dev, const char *const name
 return ret;
 }
+ /* Modify pacc so the rpci_write can register the undo callback with a
+ * device using the correct pci_access */
+ pacc = pci_acc;
 enable_flash_ich_report_gcs(spi_dev, pch_generation, NULL);
 const int ret_bc = enable_flash_ich_bios_cntl_config_space(spi_dev, pch_generation, 0xdc);
@@ -880,6 +884,7 @@ static int enable_flash_pch100(struct pci_dev *const dev, const char *const name
 _freepci_ret:
 pci_free_dev(spi_dev);
+ pacc = saved_pacc;
 return ret;
 } |
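Review bot: Swapping the global at `pacc = pci_acc;` hands the accessor to `rpci_write` through shared state, so every exit taken after that line has to pass through `_freepci_ret`, otherwise the global stays pointed at the temporary accessor for the rest of the run. The code between this hunk and the label is outside the visible lines, so each `return` and `goto` in that range is worth confirming. I would extend the added comment to record the constraint, e.g. `/* pacc is restored at _freepci_ret; do not return directly below this point. */`.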
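Review bot: The restore at `pacc = saved_pacc;` does not show what keeps `pci_acc` valid afterwards. The undo callback registered while the global pointed at `pci_acc` presumably holds a device tied to that accessor, and it runs after this function has returned. No `pci_cleanup(pci_acc)` appears in the visible lines of the third hunk, so the accessor looks to be left allocated on purpose. If that is the intent, a comment next to the restore such as `/* pci_acc is intentionally not cleaned up: registered undo entries still reference it. */` would keep a later leak-fix patch from turning this into a use-after-free at shutdown.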