rpci: Use pci_dev struct pointer to avoid API breaks
The pci_dev structure is never meant to be used as is, but always as a pointer. By using the struct itself in undo_pci_write_data, we are risking data corruption, or buffer overflows if the structure size changes. This is especially apparent on my system where flashrom segfaults because I compile it with pciutils 3.3.0 and I run it on a system with pciutils 3.5.2. The structure size is different and causes a struct with the wrong size to be sent to the library, with invalid internal field values. This has been discovered and discussed in Change ID 18925 [1] [1] https://review.coreboot.org/#/c/18925/ Change-Id: Icde2e587992ba964d4ff92c33aa659850ba06298 Signed-off-by: Youness Alaoui <kakaroto@kakaroto.homelinux.net> Reviewed-on: https://review.coreboot.org/20784 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Nico Huber <nico.h@gmx.de>

committed by
Nico Huber

parent
67d7179292
commit
a54ceb1dbe
@ -843,6 +843,7 @@ static int enable_flash_pch100(struct pci_dev *const dev, const char *const name
|
||||
* straints (e.g. on PCI domains, extended PCIe config space).
|
||||
*/
|
||||
struct pci_access *const pci_acc = pci_alloc();
|
||||
struct pci_access *const saved_pacc = pacc;
|
||||
if (!pci_acc) {
|
||||
msg_perr("Can't allocate PCI accessor.\n");
|
||||
return ret;
|
||||
@ -857,6 +858,9 @@ static int enable_flash_pch100(struct pci_dev *const dev, const char *const name
|
||||
return ret;
|
||||
}
|
||||
|
||||
/* Modify pacc so the rpci_write can register the undo callback with a
|
||||
* device using the correct pci_access */
|
||||
pacc = pci_acc;
|
||||
enable_flash_ich_report_gcs(spi_dev, pch_generation, NULL);
|
||||
|
||||
const int ret_bc = enable_flash_ich_bios_cntl_config_space(spi_dev, pch_generation, 0xdc);
|
||||
@ -880,6 +884,7 @@ static int enable_flash_pch100(struct pci_dev *const dev, const char *const name
|
||||
|
||||
_freepci_ret:
|
||||
pci_free_dev(spi_dev);
|
||||
pacc = saved_pacc;
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
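Review bot: The global `pacc` is redirected at `pacc = pci_acc;` and put back only under `_freepci_ret:`, so any exit between those two points that does not jump to the label would leave every later rpci_* call operating on the temporary accessor. The stretch between the `enable_flash_ich_bios_cntl_config_space()` call and the label is outside the visible hunks, so this cannot be confirmed from here; it is worth stating the invariant next to the restore, e.g. `/* Restore the global accessor; every exit after the swap above must pass through this label. */`. Separately, the undo entries registered while `pacc` is swapped presumably hold `pci_dev` pointers that belong to `pci_acc`, so `pci_acc` has to stay alive until those undo callbacks have run at shutdown; a short comment beside the `pacc = pci_acc;` assignment recording that lifetime dependency would guard against a later reordering that turns it into a use-after-free.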