mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
qemu/hw
History
Paolo Bonzini 61f6b12cf3 scsi-generic: fix buffer overflow on block limits inquiry 
Using linux 6.x guest, at boot time, an inquiry on a scsi-generic
device makes qemu crash.  This is caused by a buffer overflow when
scsi-generic patches the block limits VPD page.

Do the operations on a temporary on-stack buffer that is guaranteed
to be large enough.

Reported-by: Théo Maillart <tmaillart@freebox.fr>
Analyzed-by: Théo Maillart <tmaillart@freebox.fr>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 9bd634b2f5e2f10fe35d7609eb83f30583f2e15a)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2023-05-18 21:10:00 +03:00
..
9pfs
9pfs/xen: Fix segfault on shutdown
2023-05-18 21:09:59 +03:00
acpi
acpi: pcihp: allow repeating hot-unplug requests
2023-05-18 21:09:41 +03:00
adc
alpha
hw: Remove unused MAX_IDE_BUS define
2022-10-31 11:32:07 +01:00
arm
hw/arm/raspi: Use arm_write_bootloader() to write boot code
2023-05-18 21:09:59 +03:00
audio
hw/audio/intel-hda: Drop unnecessary prototype
2022-11-23 12:30:45 +01:00
avr
block
hw/virtio: generalise CHR_EVENT_CLOSED handling
2022-12-01 02:30:13 -05:00
char
core
virtio-rng-pci: fix transitional migration compat for vectors
2023-03-29 10:20:04 +03:00
cpu
cris
cxl
hw/cxl/cdat: CXL CDAT Data Object Exchange implementation
2022-11-07 13:12:19 -05:00
display
hw/display/next-fb: Fix comment typo
2022-12-03 22:07:07 +01:00
dma
gpio
hppa
hw: Remove unused MAX_IDE_BUS define
2022-10-31 11:32:07 +01:00
hyperv
hw/hyperv/hyperv.c: Use device_cold_reset() instead of device_legacy_reset()
2022-10-27 10:27:23 +01:00
i2c
i386
xen/pt: reserve PCI slot 2 for Intel igd-passthru
2023-05-18 21:09:59 +03:00
ide
hw/ppc/mac.h: Rename to include/hw/nvram/mac_nvram.h
2022-10-31 18:48:23 +00:00
input
pckbd: remove legacy i8042_mm_init() function
2022-07-18 19:28:46 +01:00
intc
hw/intc/allwinner-a10-pic: Don't use set_bit()/clear_bit()
2023-05-18 21:09:59 +03:00
ipack
ipmi
isa
acpi: x86: move RPQx field back to _SB scope
2022-11-22 05:19:00 -05:00
loongarch
Revert "hw/loongarch/virt: Add cfi01 pflash device"
2022-12-05 11:24:35 -05:00
m68k
m68k/q800: do not re-randomize RNG seed on snapshot load
2022-10-27 11:34:31 +01:00
mem
hw/mem/cxl-type3: Add CXL CDAT Data Object Exchange
2022-11-07 13:12:19 -05:00
microblaze
mips
hw/mips/malta: Use bootloader helper to set BAR registers
2022-10-31 11:32:56 +01:00
misc
mac_nvram: Use NVRAM_SIZE constant
2022-10-31 18:48:23 +00:00
net
hw/net/allwinner-sun8i-emac: Correctly byteswap descriptor fields
2023-05-18 21:09:59 +03:00
nios2
nubus
nvme
hw/nvme: fix memory leak in nvme_dsm
2023-04-13 18:28:32 +03:00
nvram
Revert "x86: return modified setup_data only if read as memory, not as file"
2023-03-29 10:20:04 +03:00
openrisc
openrisc: re-randomize rng-seed on reboot
2022-10-27 11:34:31 +01:00
pci
msix: Assert that specified vector is in range
2022-11-07 14:08:17 -05:00
pci-bridge
hw/pci-bridge/cxl-upstream: Add a CDAT table access DOE
2022-11-07 13:12:19 -05:00
pci-host
hw/pci-host/pnv_phb: Avoid quitting QEMU if hotplug of pnv-phb-root-port fails
2022-11-10 18:22:10 -03:00
pcmcia
ppc
mac_newworld: Turn CORE99_VIA_CONFIG defines into an enum
2022-10-31 18:48:23 +00:00
rdma
hw/pvrdma: Protect against buggy or malicious guest driver
2023-03-30 12:19:04 +03:00
remote
msix: Assert that specified vector is in range
2022-11-07 14:08:17 -05:00
riscv
riscv: re-randomize rng-seed on reboot
2022-10-27 11:34:31 +01:00
rtc
rx
rx: re-randomize rng-seed on reboot
2022-10-27 11:34:31 +01:00
s390x
s390x: Fix spelling errors
2022-11-16 10:15:26 +01:00
scsi
scsi-generic: fix buffer overflow on block limits inquiry
2023-05-18 21:10:00 +03:00
sd
hw/sd/allwinner-sdhost: Correctly byteswap descriptor fields
2023-05-18 21:09:59 +03:00
sensor
sh4
smbios
hw/smbios: fix field corruption in type 4 table
2023-03-29 10:20:04 +03:00
sparc
sparc64
hw: Remove unused MAX_IDE_BUS define
2022-10-31 11:32:07 +01:00
ssi
timer
hw/timer/hpet: Fix expiration time overflow
2023-03-29 10:20:04 +03:00
tpm
tricore
usb
hw/usb/hcd-xhci: Reset the XHCIState with device_cold_reset()
2022-11-23 12:28:51 +01:00
vfio
pci,pc,virtio: features, tests, fixes, cleanups
2022-11-07 18:43:56 -05:00
virtio
Revert "vhost-user: Introduce nested event loop in vhost_user_read()"
2023-05-18 21:09:59 +03:00
watchdog
xen
xen/pt: reserve PCI slot 2 for Intel igd-passthru
2023-05-18 21:09:59 +03:00
xenpv
xtensa
Kconfig
meson.build