qemu/hw
Cornelia Huck 34c6bf22a8 virtio: guard vring access when setting notification
Switching to vring caches exposed an existing bug in
virtio_queue_set_notification(): We can't access vring structures
if they have not been set up yet. This may happen, for example,
for virtio-blk devices with multiple queues: The code will try to
switch notifiers for every queue, but the guest may have only set up
a subset of them.

Fix this by guarding access to the vring memory by checking for
vring.desc. The first aio poll will iron out any remaining
inconsistencies for later-configured queues (buggy legacy drivers).

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2017-03-02 07:14:27 +02:00
9pfs This pull request have all the fixes for CVE-2016-9602, so that it can 2017-03-01 13:53:20 +00:00
acpi qmp/hmp: add query-vm-generation-id and 'info vm-generation-id' commands 2017-03-02 07:14:27 +02:00
adc STM32F2xx: Add the ADC device 2016-10-04 13:28:07 +01:00
alpha hw: Default -drive to if=ide explicitly where it works 2017-02-21 13:10:53 +01:00
arm bcm2835: add sdhost and gpio controllers 2017-02-28 17:10:00 +00:00
audio es1370: wire up reset via DeviceClass 2017-01-11 09:19:03 +01:00
block block: explicitly acquire aiocontext in aio callbacks that need it 2017-02-21 11:39:39 +00:00
bt chardev: qom-ify 2017-01-27 18:08:00 +01:00
char hw/char/mcf_uart: QOMify the ColdFire UART 2017-02-16 14:06:56 +01:00
core target-arm queue: 2017-03-01 17:58:54 +00:00
cpu Introduce DEVICE_CATEGORY_CPU for CPU devices 2017-01-27 18:07:31 +01:00
cris cris: Fix broken header guard in hw/cris/boot.h 2016-07-12 16:20:46 +02:00
display trivial patches for 2017-02-28 2017-02-28 16:22:41 +00:00
dma migration: consolidate VMStateField.start 2017-02-13 17:27:13 +00:00
gpio bcm2835_gpio: add bcm2835 gpio controller 2017-02-28 17:10:00 +00:00
i2c arm: Uniquely name imx25 I2C buses. 2017-01-20 11:15:06 +00:00
i386 ACPI: Add Virtual Machine Generation ID support 2017-03-02 07:14:27 +02:00
ide hw: Drop superfluous special checks for orphaned -drive 2017-02-21 13:17:45 +01:00
input -----BEGIN PGP SIGNATURE----- 2017-02-02 16:08:28 +00:00
intc hw/intc/arm_gicv3_kvm: Reset GICv3 cpu interface registers 2017-02-28 17:10:00 +00:00
ipack ipack: Update e-mail address 2016-05-18 15:04:27 +03:00
ipmi migration: consolidate VMStateField.start 2017-02-13 17:27:13 +00:00
isa Allow ISA bus to be configured out 2017-02-06 12:33:21 +11:00
lm32 char: rename CharDriverState Chardev 2017-01-27 18:07:59 +01:00
m68k hw/m68k: QOMify the ColdFire interrupt controller 2017-02-18 22:23:31 +01:00
mem pc: memhp: enable nvdimm device hotplug 2016-11-01 19:21:09 +02:00
microblaze clean-up: removed duplicate #includes 2016-10-28 18:17:24 +03:00
mips hw/mips: MIPS Boston board support 2017-02-24 10:37:21 +00:00
misc hw/arm/exynos: Fix Linux kernel division by zero for PLLs 2017-02-28 12:08:20 +00:00
moxie hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
net cadence_gem: Remove unused parameter debug message 2017-02-28 09:03:38 +03:00
nios2 nios2: Add Altera 10M50 GHRD emulation 2017-01-24 13:10:35 -08:00
nvram migration: consolidate VMStateField.start 2017-02-13 17:27:13 +00:00
openrisc target/openrisc: Rename the cpu from or32 to or1k 2017-02-14 08:14:58 +11:00
pci Don't check qobject_type() before qobject_to_qdict() 2017-02-22 19:52:01 +01:00
pci-bridge ppc patch queue 2017-02-02 2017-02-02 18:48:06 +00:00
pci-host ppc patch queue for 2017-02-22 2017-02-24 10:13:57 +00:00
pcmcia hw: Clean up includes 2016-01-29 15:07:25 +00:00
ppc This is the MTTCG pull-request as posted yesterday. 2017-02-25 18:43:52 +00:00
s390x s390x/ipl: Load network boot image 2017-02-28 12:04:48 +01:00
scsi Changes to -drive without if= and with if=scsi 2017-02-21 13:58:50 +00:00
sd hw/sd: add card-reparenting function 2017-02-28 17:10:00 +00:00
sh4 hw: Default -drive to if=ide explicitly where it works 2017-02-21 13:10:53 +01:00
smbios stubs: move smbios stubs to hw/smbios 2017-01-16 17:52:35 +01:00
sparc hw: Drop superfluous special checks for orphaned -drive 2017-02-21 13:17:45 +01:00
sparc64 Pull request for Niagara patches 2017 02 26 2017-02-26 22:40:23 +00:00
ssi aspeed/smc: use a modulo to check segment limits 2017-02-10 17:40:30 +00:00
timer armv7m: Split systick out from NVIC 2017-02-28 16:18:49 +00:00
tpm clean-up: removed duplicate #includes 2016-10-28 18:17:24 +03:00
tricore tricore: remove useless cast 2016-09-15 15:32:22 +03:00
unicore32 clean-up: removed duplicate #includes 2016-10-28 18:17:24 +03:00
usb xhci: properties cleanup 2017-02-23 16:18:03 +01:00
vfio vfio/pci-quirks.c: Disable stolen memory for igd VFIO 2017-02-22 13:19:59 -07:00
virtio virtio: guard vring access when setting notification 2017-03-02 07:14:27 +02:00
watchdog wdt: Add Aspeed watchdog device model 2017-02-07 18:29:59 +00:00
xen Xen 2017/02/02 2017-02-03 12:31:40 +00:00
xenpv xenpv: Fix qemu_uuid compiling error 2016-09-29 11:43:17 +08:00
xtensa target/xtensa: refactor CCOUNT/CCOMPARE 2017-01-15 13:01:55 -08:00
Makefile.objs acpi: filter based on CONFIG_ACPI_X86 rather than TARGET 2017-01-16 17:52:35 +01:00