qemu/hw
Li Qiang 2d69eba5fe virtio: update MemoryRegionCaches when guest set bad features
Current the 'virtio_set_features' only update the 'MemorRegionCaches'
when the 'virtio_set_features_nocheck' return '0' which means it is
not bad features. However the guest can still trigger the access of the
used vring after set bad features. In this situation it will cause assert
failure in 'ADDRESS_SPACE_ST_CACHED'.

Buglink: https://bugs.launchpad.net/qemu/+bug/1890333
Fixes: db812c4073 ("virtio: update MemoryRegionCaches when guest negotiates features")
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Li Qiang <liq3ea@163.com>
Message-Id: <20200919082706.6703-1-liq3ea@163.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-09-29 02:15:24 -04:00
..
9pfs Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
acpi Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
adc meson: convert hw/adc 2020-08-21 06:30:32 -04:00
alpha load_elf: Remove unused address variables from callers 2020-09-25 16:52:08 -07:00
arm load_elf: Remove unused address variables from callers 2020-09-25 16:52:08 -07:00
audio Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
avr Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
block vhost: recheck dev state in the vhost_migration_log routine 2020-09-29 02:14:29 -04:00
char Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
core virtio: skip legacy support check on machine types less than 5.1 2020-09-29 02:15:24 -04:00
cpu cpu/core: Register core-id and nr-threads as class properties 2020-09-22 16:48:29 -04:00
cris load_elf: Remove unused address variables from callers 2020-09-25 16:52:08 -07:00
display qemu/atomic.h: rename atomic_ to qatomic_ 2020-09-23 16:07:44 +01:00
dma Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
gpio Pull request trivial patches 20200919 2020-09-22 15:42:23 +01:00
hppa Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
hyperv qemu/atomic.h: rename atomic_ to qatomic_ 2020-09-23 16:07:44 +01:00
i2c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
i386 cphp: remove deprecated cpu-add command(s) 2020-09-29 02:14:30 -04:00
ide Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
input Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
intc qemu/atomic.h: rename atomic_ to qatomic_ 2020-09-23 16:07:44 +01:00
ipack Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
ipmi Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
isa Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
lm32 hw/sd/milkymist: Do not create SD card within the SD host controller 2020-08-21 16:22:43 +02:00
m68k Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
mem hw/mem: Stubbed out NPCM7xx Memory Controller model 2020-09-14 14:24:59 +01:00
microblaze load_elf: Remove unused address variables from callers 2020-09-25 16:52:08 -07:00
mips load_elf: Remove unused address variables from callers 2020-09-25 16:52:08 -07:00
misc Pull request 2020-09-24 18:48:45 +01:00
moxie load_elf: Remove unused address variables from callers 2020-09-25 16:52:08 -07:00
net qemu/atomic.h: rename atomic_ to qatomic_ 2020-09-23 16:07:44 +01:00
nios2 load_elf: Remove unused address variables from callers 2020-09-25 16:52:08 -07:00
nubus meson: convert hw/nubus 2020-08-21 06:30:25 -04:00
nvram Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
openrisc meson: convert hw/arch* 2020-08-21 06:30:33 -04:00
pci qom: simplify object_find_property / object_class_find_property 2020-09-22 16:45:16 -04:00
pci-bridge Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
pci-host i440fx: Register i440FX-pcihost properties as class properties 2020-09-22 16:48:29 -04:00
pcmcia pxa2xx: Move QOM macros to header 2020-08-27 14:04:55 -04:00
ppc load_elf: Remove unused address variables from callers 2020-09-25 16:52:08 -07:00
rdma qemu/atomic.h: rename atomic_ to qatomic_ 2020-09-23 16:07:44 +01:00
riscv load_elf: Remove unused address variables from callers 2020-09-25 16:52:08 -07:00
rtc Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
rx Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
s390x vhost-vsock-ccw: force virtio version 1 2020-09-29 02:15:24 -04:00
scsi qom: simplify object_find_property / object_class_find_property 2020-09-22 16:45:16 -04:00
sd Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
semihosting meson: convert hw/semihosting 2020-08-21 06:30:25 -04:00
sh4 Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
smbios hw/smbios: add options for type 4 max-speed and current-speed 2020-08-27 08:29:13 -04:00
sparc Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
sparc64 Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
ssi Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
timer Pull request trivial patches 20200919 2020-09-22 15:42:23 +01:00
tpm Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
tricore meson: convert hw/arch* 2020-08-21 06:30:33 -04:00
unicore32 meson: convert hw/arch* 2020-08-21 06:30:33 -04:00
usb usb: fix u2f build 2020-09-22 16:40:56 +01:00
vfio Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
virtio virtio: update MemoryRegionCaches when guest set bad features 2020-09-29 02:15:24 -04:00
watchdog Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
xen Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
xenpv meson: convert hw/arch* 2020-08-21 06:30:33 -04:00
xtensa load_elf: Remove unused address variables from callers 2020-09-25 16:52:08 -07:00
Kconfig hw/avr: Add limited support for some Arduino boards 2020-07-11 11:02:05 +02:00
meson.build meson: convert hw/arch* 2020-08-21 06:30:33 -04:00