qemu/virtio at 7423192912af36a2cdf4eb2066f17ca37904ef5e - qemu

History

Dima Stepanov 7423192912 virtio: add checks for the size of the indirect table The virtqueue_pop() and virtqueue_get_avail_bytes() routines can use the INDIRECT table to get the data. It is possible to create a packet which will lead to the assert message like: include/exec/memory.h:1995: void address_space_read_cached(MemoryRegionCache , hwaddr, void , int): Assertion `addr < cache->len && len <= cache->len - addr' failed. Aborted To do it the first descriptor should have a link to the INDIRECT table and set the size of it to 0. It doesn't look good that the guest should be able to trigger the assert in qemu. Add additional check for the size of the INDIRECT table, which should not be 0. Signed-off-by: Dima Stepanov <dimastep@yandex-team.ru> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>		2019-02-01 17:30:53 -05:00
..
Makefile.objs	virtio: split virtio serial bits from virtio-pci	2019-01-17 21:10:57 -05:00
trace-events	vhost: add trace for IOTLB miss	2018-05-23 03:14:41 +03:00
vhost-backend.c	vhost: fix a memory leak	2017-08-02 00:13:25 +03:00
vhost-scsi-pci.c	virtio: split vhost scsi bits from virtio-pci	2019-01-17 21:10:57 -05:00
vhost-stub.c	vhost-user: introduce shared vhost-user state	2018-05-24 21:14:11 +03:00
vhost-user-blk-pci.c	virtio: split vhost user blk bits from virtio-pci	2019-01-17 21:10:57 -05:00
vhost-user-scsi-pci.c	virtio: split vhost user scsi bits from virtio-pci	2019-01-17 21:10:57 -05:00
vhost-user.c	vhost-user: fix ioeventfd_enabled	2019-01-14 19:31:04 -05:00
vhost-vsock-pci.c	virtio: split vhost vsock bits from virtio-pci	2019-01-17 21:10:57 -05:00
vhost-vsock.c	hw: use "qemu/osdep.h" as first #include in source files	2017-12-18 17:07:02 +03:00
vhost.c	vhost: fix invalid downcast	2018-09-07 17:05:18 -04:00
virtio-9p-pci.c	virtio: split virtio 9p bits from virtio-pci	2019-01-17 21:10:57 -05:00
virtio-balloon-pci.c	virtio: split virtio balloon bits from virtio-pci	2019-01-17 21:10:57 -05:00
virtio-balloon.c	hw/virtio/virtio-balloon: zero-initialize the virtio_balloon_config struct	2019-01-21 17:20:36 +00:00
virtio-blk-pci.c	virtio: split virtio blk bits from virtio-pci	2019-01-17 21:10:57 -05:00
virtio-bus.c	virtio: remove event notifier cleanup call on de-assign	2018-02-08 21:06:26 +02:00
virtio-crypto-pci.c	virtio: split virtio crypto bits from virtio-pci.h	2019-01-17 21:10:57 -05:00
virtio-crypto.c	cryptodev: add vhost support	2018-03-01 18:26:17 +02:00
virtio-input-host-pci.c	virtio: split virtio input host bits from virtio-pci	2019-01-17 21:10:57 -05:00
virtio-input-pci.c	virtio: split virtio input bits from virtio-pci	2019-01-17 21:10:57 -05:00
virtio-mmio.c	virtio-mmio: switch to linux headers	2017-01-18 22:59:53 +02:00
virtio-net-pci.c	virtio: split virtio net bits from virtio-pci	2019-01-17 21:10:57 -05:00
virtio-pci.c	virtio: split virtio serial bits from virtio-pci	2019-01-17 21:10:57 -05:00
virtio-pci.h	virtio: split virtio crypto bits from virtio-pci.h	2019-01-17 21:10:57 -05:00
virtio-rng-pci.c	virtio: split virtio rng bits from virtio-pci	2019-01-17 21:10:57 -05:00
virtio-rng.c	qom: make user_creatable_complete() specific to UserCreatable	2018-12-11 15:45:22 -02:00
virtio-scsi-pci.c	virtio: split virtio scsi bits from virtio-pci	2019-01-17 21:10:57 -05:00
virtio-serial-pci.c	virtio: split virtio serial bits from virtio-pci	2019-01-17 21:10:57 -05:00
virtio.c	virtio: add checks for the size of the indirect table	2019-02-01 17:30:53 -05:00