qemu/include/hw/virtio
Carlos López f0d634ea19 virtio: refresh vring region cache after updating a virtqueue size
When a virtqueue size is changed by the guest via
virtio_queue_set_num(), its region cache is not automatically updated.
If the size was increased, this could lead to accessing the cache out
of bounds. For example, in vring_get_used_event():

    static inline uint16_t vring_get_used_event(VirtQueue *vq)
    {
        return vring_avail_ring(vq, vq->vring.num);
    }

    static inline uint16_t vring_avail_ring(VirtQueue *vq, int i)
    {
        VRingMemoryRegionCaches *caches = vring_get_region_caches(vq);
        hwaddr pa = offsetof(VRingAvail, ring[i]);

        if (!caches) {
            return 0;
        }

        return virtio_lduw_phys_cached(vq->vdev, &caches->avail, pa);
    }

vq->vring.num will be greater than caches->avail.len, which will
trigger a failed assertion down the call path of
virtio_lduw_phys_cached().

Fix this by calling virtio_init_region_cache() after
virtio_queue_set_num() if we are not already calling
virtio_queue_set_rings(). In the legacy path this is already done by
virtio_queue_update_rings().

Signed-off-by: Carlos López <clopez@suse.de>
Message-Id: <20230317002749.27379-1-clopez@suse.de>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Acked-by: Halil Pasic <pasic@linux.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-04-21 03:08:21 -04:00
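Added example, not QEMU's code: a small C model of the stale-region-cache bug the commit message describes. The structures (VirtQueue, VRingMemoryRegionCaches, the cache length check) are simplified stand-ins written for this illustration and are assumptions, not QEMU's definitions; only the function names virtio_queue_set_num(), virtio_init_region_cache(), vring_avail_ring() and vring_get_used_event() are taken from the message. The cached read reports a length violation as -1 where QEMU would fail an assertion, so both the broken sequence (set_num without a cache refresh) and the fixed sequence (refresh after set_num) can be exercised.

```c
/*
 * Added example, not QEMU code. Models the bug: a virtqueue's region cache
 * records the length it was validated for; if vring.num grows without the
 * cache being refreshed, vring_get_used_event() reads past caches->avail.len.
 * All types below are simplified stand-ins (assumptions), not QEMU's.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed guest memory; the avail ring is placed inside it. */
static uint8_t guest_mem[65536];

/* Avail ring layout: u16 flags, u16 idx, u16 ring[num], then used_event. */
typedef struct {
    uint16_t flags;
    uint16_t idx;
    uint16_t ring[];
} VRingAvail;

/* A region cache: guest-physical base plus the byte length it covers. */
typedef struct {
    uint64_t base;
    uint64_t len;
} MemoryRegionCache;

typedef struct {
    MemoryRegionCache avail;
} VRingMemoryRegionCaches;

typedef struct {
    struct {
        unsigned int num;   /* queue size */
        uint64_t avail;     /* guest-physical address of the avail ring */
    } vring;
    VRingMemoryRegionCaches caches;
} VirtQueue;

/* Bytes needed for an avail ring of 'num' entries plus used_event. */
static uint64_t avail_ring_len(unsigned int num)
{
    return offsetof(VRingAvail, ring[num]) + sizeof(uint16_t);
}

/* Stand-in for virtio_init_region_cache(): recompute the cache extents. */
static void virtio_init_region_cache(VirtQueue *vq)
{
    vq->caches.avail.base = vq->vring.avail;
    vq->caches.avail.len = avail_ring_len(vq->vring.num);
}

/* Stand-in for virtio_queue_set_num() before the fix: only num changes,
 * the cache keeps the length computed for the old size. */
static void virtio_queue_set_num(VirtQueue *vq, int num)
{
    vq->vring.num = num;
}

/* Cached 16-bit read. QEMU asserts addr < cache->len here; this model
 * returns -1 instead of aborting so the failure can be observed. */
static int lduw_cached(const MemoryRegionCache *cache, uint64_t addr)
{
    if (addr + sizeof(uint16_t) > cache->len) {
        return -1;  /* the failed assertion the commit message refers to */
    }
    uint16_t v;
    memcpy(&v, guest_mem + cache->base + addr, sizeof v);
    return v;
}

/* Same shape as the two helpers quoted in the commit message. */
static int vring_avail_ring(VirtQueue *vq, int i)
{
    uint64_t pa = offsetof(VRingAvail, ring[i]);
    return lduw_cached(&vq->caches.avail, pa);
}

static int vring_get_used_event(VirtQueue *vq)
{
    return vring_avail_ring(vq, vq->vring.num);
}

/* Scenario: queue initialised at 256 entries, guest grows it to 1024.
 * Returns the used_event value read, or -1 if the stale cache rejected it. */
static int resize_queue(int refresh_cache)
{
    VirtQueue vq;
    memset(&vq, 0, sizeof vq);
    vq.vring.avail = 0x1000;
    virtio_queue_set_num(&vq, 256);
    virtio_init_region_cache(&vq);

    /* Constructed guest data: used_event slot of a 1024-entry ring. */
    uint16_t ev = 0x1234;
    memcpy(guest_mem + 0x1000 + offsetof(VRingAvail, ring[1024]), &ev, sizeof ev);

    virtio_queue_set_num(&vq, 1024);
    if (refresh_cache) {
        virtio_init_region_cache(&vq);  /* what the fix adds */
    }
    return vring_get_used_event(&vq);
}

int main(void)
{
    printf("without refresh: %d\n", resize_queue(0));    /* -1 */
    printf("with refresh:    0x%x\n", resize_queue(1));  /* 0x1234 */
    return 0;
}
```

The point to carry over to real code: any cache that is derived from a size field must be rebuilt whenever that field changes, and the length recorded in the cache, not the current vring.num, is what bounds the reads.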
vdpa-dev.h vdpa: add vdpa-dev support 2022-12-21 06:35:28 -05:00
vhost-backend.h vdpa: move vhost reset after get vring base 2023-03-07 12:38:59 -05:00
vhost-scsi-common.h
vhost-scsi.h
vhost-user-blk.h vhost-user-blk: make 'config_wce' part of 'host_features' 2022-10-07 09:41:51 -04:00
vhost-user-fs.h Clean up ill-advised or unusual header guards 2022-05-11 16:50:01 +02:00
vhost-user-gpio.h vhost-user-gpio: Configure vhost_dev when connecting 2023-03-02 03:10:47 -05:00
vhost-user-i2c.h Clean up ill-advised or unusual header guards 2022-05-11 16:50:01 +02:00
vhost-user-rng.h Clean up ill-advised or unusual header guards 2022-05-11 16:50:01 +02:00
vhost-user-scsi.h
vhost-user-vsock.h Clean up ill-advised or unusual header guards 2022-05-11 16:50:01 +02:00
vhost-user.h hw/virtio: generalise CHR_EVENT_CLOSED handling 2022-12-01 02:30:13 -05:00
vhost-vdpa.h vdpa net: block migration if the device has CVQ 2023-03-07 12:38:59 -05:00
vhost-vsock-common.h virtio: drop name parameter for virtio_init() 2022-05-16 04:38:40 -04:00
vhost-vsock.h vhost-vsock: handle common features in vhost-vsock-common 2021-10-05 17:30:57 -04:00
vhost.h vhost: add support for configure interrupt 2023-01-08 01:54:22 -05:00
virtio-access.h Replace TARGET_WORDS_BIGENDIAN 2022-04-06 10:50:37 +02:00
virtio-balloon.h
virtio-blk-common.h virtio-blk: move config size params to virtio-blk-common 2022-10-07 09:41:51 -04:00
virtio-blk.h virtio-blk: simplify virtio_blk_dma_restart_cb() 2023-01-23 15:01:23 -05:00
virtio-bus.h virtio-bus: introduce iommu_enabled() 2021-09-04 16:35:17 -04:00
virtio-crypto.h crypto: Introduce RSA algorithm 2022-06-16 12:54:58 -04:00
virtio-gpu-bswap.h Replace config-time define HOST_WORDS_BIGENDIAN 2022-04-06 10:50:37 +02:00
virtio-gpu-pci.h
virtio-gpu-pixman.h
virtio-gpu.h virtio-gpu: Respect UI refresh rate for EDID 2022-06-14 10:34:37 +02:00
virtio-input.h
virtio-iommu.h virtio-iommu: Use recursive lock to avoid deadlock 2022-06-16 12:54:58 -04:00
virtio-mem.h virtio-mem: Migrate immutable properties early 2023-02-06 19:22:56 +01:00
virtio-mmio.h include: Include headers where needed 2023-01-08 01:54:22 -05:00
virtio-net.h virtio-net: Expose ctrl virtqueue logic 2022-07-20 16:58:08 +08:00
virtio-pci.h virtio-pci: add support for configure interrupt 2023-01-08 01:54:22 -05:00
virtio-pmem.h
virtio-rng.h
virtio-scsi.h virtio-scsi: reset SCSI devices from main loop thread 2023-02-23 19:49:35 +01:00
virtio-serial.h
virtio.h virtio: refresh vring region cache after updating a virtqueue size 2023-04-21 03:08:21 -04:00