qemu/hw
Manos Pitsidianakis 704391f94a virtio-iommu: add error check before assert
A fuzzer case discovered by Zheyu Ma causes an assert failure.

Add a check before the assert, and respond with an error before moving
on to the next queue element.

To reproduce the failure:

cat << EOF | \
qemu-system-x86_64 \
-display none -machine accel=qtest -m 512M -machine q35 -nodefaults \
-device virtio-iommu -qtest stdio
outl 0xcf8 0x80000804
outw 0xcfc 0x06
outl 0xcf8 0x80000820
outl 0xcfc 0xe0004000
write 0x10000e 0x1 0x01
write 0xe0004020 0x4 0x00001000
write 0xe0004028 0x4 0x00101000
write 0xe000401c 0x1 0x01
write 0x106000 0x1 0x05
write 0x100001 0x1 0x60
write 0x100002 0x1 0x10
write 0x100009 0x1 0x04
write 0x10000c 0x1 0x01
write 0x100018 0x1 0x04
write 0x10001c 0x1 0x02
write 0x101003 0x1 0x01
write 0xe0007001 0x1 0x00
EOF

Reported-by: Zheyu Ma <zheyuma97@gmail.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2359
Signed-off-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Message-Id: <20240613-fuzz-2359-fix-v2-manos.pitsidianakis@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2024-07-01 17:16:05 -04:00
..
9pfs hw/xen: Make XenDevOps structures const 2024-06-04 11:53:43 +02:00
acpi hw/acpi/ich9: Remove dead code related to 'acpi_memory_hotplug' 2024-06-19 12:40:49 +02:00
adc hw, target: Add ResetType argument to hold and exit phase methods 2024-04-25 10:21:06 +01:00
alpha alpha: switch boards to "default y" 2024-05-03 15:47:47 +02:00
arm hw/arm/bcm2836: Remove unusued struct 'BCM283XClass' 2024-06-30 19:51:44 +03:00
audio hw/audio/virtio-snd: Always use little endian audio format 2024-06-19 12:40:49 +02:00
avr avr: switch boards to "default y" 2024-05-03 15:47:47 +02:00
block vhost-user: fix lost reconnect again 2024-07-01 17:16:04 -04:00
char hw: arm: Remove use of tabs in some source files 2024-05-28 14:20:48 +01:00
core virtio-pci: implement No_Soft_Reset bit 2024-07-01 17:16:05 -04:00
cpu hw: Add a Kconfig switch for the TYPE_CPU_CLUSTER device 2024-04-25 12:48:12 +02:00
cris cris: switch boards to "default y" 2024-05-03 15:47:47 +02:00
cxl hw/cxl/cxl-mailbox-utils: Add superset extent release mailbox support 2024-07-01 17:16:04 -04:00
display vhost-user-gpu: fix import of DMABUF 2024-07-01 17:16:04 -04:00
dma hw/dma: Add a trace log for a description loading failure 2024-06-18 14:52:00 +02:00
fsi hw/fsi: Aspeed APB2OPB & On-chip peripheral bus 2024-02-01 08:33:18 +01:00
gpio hw: arm: Remove use of tabs in some source files 2024-05-28 14:20:48 +01:00
hppa hw/hppa/machine: Replace g_memdup() by g_memdup2() 2024-05-08 19:42:45 +02:00
hyperv kvm: move target-dependent interrupt routing out of kvm-all.c 2024-05-03 15:47:48 +02:00
i2c hw, target: Add ResetType argument to hold and exit phase methods 2024-04-25 10:21:06 +01:00
i386 hw/xen: detect when running inside stubdomain 2024-07-01 14:57:18 +02:00
ide hw/ide/atapi: Use qemu_hexdump_line to avoid sprintf 2024-06-05 12:14:20 -07:00
input hw: arm: Remove use of tabs in some source files 2024-05-28 14:20:48 +01:00
intc i386/apic: Add hint on boot failure because of disabling x2APIC 2024-07-01 17:16:05 -04:00
ipack hw/ipack: Constify VMState 2023-12-29 11:17:30 +11:00
ipmi hw/ipmi: Constify VMState 2023-12-29 11:17:30 +11:00
isa hw/isa/vt82c686: Keep track of PIRQ/PINT pins separately 2024-04-15 13:07:11 +02:00
loongarch hw/mem/pc-dimm: Remove legacy_align argument from pc_dimm_pre_plug() 2024-06-19 12:40:49 +02:00
m68k m68k: switch boards to "default y" 2024-05-03 15:47:47 +02:00
mem hw/cxl: Fix read from bogus memory 2024-07-01 17:16:05 -04:00
microblaze microblaze: switch boards to "default y" 2024-05-03 15:47:47 +02:00
mips hw/mips/loongson3_virt: Wire up loongson_ipi device 2024-06-19 12:42:03 +02:00
misc hw/misc/pvpanic: add support for normal shutdowns 2024-07-01 17:16:04 -04:00
net vhost/vhost-user: Add VIRTIO_F_NOTIFICATION_DATA to vhost feature bits 2024-07-01 14:56:23 -04:00
nubus hw/nubus: add nubus-virtio-mmio device 2024-02-27 09:36:39 +01:00
nvme hw/nvme: fix -Werror=maybe-uninitialized 2024-04-02 16:15:07 +02:00
nvram hw, target: Add ResetType argument to hold and exit phase methods 2024-04-25 10:21:06 +01:00
openrisc kconfig: express dependency of individual boards on libfdt 2024-05-10 15:45:15 +02:00
pci HostIOMMUDevice: Store the aliased bus and devfn 2024-06-24 23:15:30 +02:00
pci-bridge Misc HW patch queue 2024-04-25 09:43:29 -07:00
pci-host hw/ppc: Avoid using Monitor in pnv_phb4_pic_print_info() 2024-06-19 12:40:49 +02:00
pcmcia hw/pcmcia/pxa2xx: Inline pxa2xx_pcmcia_init() 2023-10-27 12:48:57 +01:00
ppc ppc/pnv: Introduce pnv_chip_foreach_cpu() 2024-06-19 12:40:49 +02:00
remote hw/remote/vfio-user: Fix config space access byte order 2024-05-08 19:43:15 +02:00
riscv hw/riscv/virt.c: Make block devices default to virtio 2024-06-26 23:00:59 +10:00
rtc hw/i386: move rtc-reset-reinjection command out of hw/rtc 2024-05-10 15:45:15 +02:00
rx kconfig: express dependency of individual boards on libfdt 2024-05-10 15:45:15 +02:00
s390x virtio-ccw: Handle extra notification data 2024-07-01 14:56:23 -04:00
scsi vhost-user: fix lost reconnect again 2024-07-01 17:16:04 -04:00
sd hw/sd/sdcard: Add comments around registers and commands 2024-06-24 15:08:40 +02:00
sensor hw, target: Add ResetType argument to hold and exit phase methods 2024-04-25 10:21:06 +01:00
sh4 hw/sh4: Remove newline character in trace events 2024-06-10 13:05:27 -04:00
smbios hw/smbios: Remove 'smbios_uuid_encoded', simplify smbios_encode_uuid() 2024-06-19 12:40:49 +02:00
sparc sparc: switch boards to "default y" 2024-05-03 15:47:48 +02:00
sparc64 qemu-sparc queue 2024-05-06 10:19:56 -07:00
ssi aspeed/smc: Add AST2700 support 2024-06-16 21:08:54 +02:00
timer hw/timer/a9gtimer: Handle QTest mode in a9_gtimer_get_current_cpu 2024-06-21 14:01:59 +01:00
tpm hw/tpm: Remove HOST_PAGE_ALIGN from tpm_ppi_init 2024-02-29 11:35:36 -10:00
tricore tricore: switch boards to "default y" 2024-05-03 15:47:48 +02:00
ufs hw/ufs: Fix potential bugs in MMIO read|write 2024-06-30 12:44:32 +09:00
usb hw/usb/hcd-ohci: Fix ohci_service_td: accept zero-length TDs where CBP=BE+1 2024-06-21 16:20:45 +01:00
vfio vfio/container: Move vfio_container_destroy() to an instance_finalize() handler 2024-06-24 23:15:31 +02:00
virtio virtio-iommu: add error check before assert 2024-07-01 17:16:05 -04:00
watchdog aspeed/wdt: Add AST2700 support 2024-06-16 21:08:54 +02:00
xen xen-hvm: Avoid livelock while handling buffered ioreqs 2024-07-01 14:57:18 +02:00
xenpv hw/xen: Register framebuffer backend via xen_backend_init() 2024-06-04 11:53:43 +02:00
xtensa hw/xtensa: require libfdt 2024-05-10 15:45:15 +02:00
Kconfig hw: Fix problem with the A*MPCORE switches in the Kconfig files 2024-04-25 12:48:12 +02:00
meson.build hw/rdma: Remove deprecated pvrdma device and rdmacm-mux helper 2024-04-24 16:03:38 +02:00