qemu/hw/scsi
Thomas Huth ee760ac80a hw/scsi/megasas: Fix possible out-of-bounds array access in tracepoints
Some tracepoints in megasas.c use a guest-controlled value as an index
into the mfi_frame_desc[] array. Thus a malicious guest could cause an
out-of-bounds error here. Fortunately, the impact is very low since this
can only happen when the corresponding tracepoints have been enabled
before, but the problem should be fixed anyway with a proper check.

Buglink: https://bugs.launchpad.net/qemu/+bug/1882065
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20200615072629.32321-1-thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-26 09:39:37 -04:00
..
emulation.c scsi-generic: avoid invalid access to struct when emulating block limits 2018-11-06 21:35:06 +01:00
esp-pci.c scsi/esp-pci: add g_assert() for fix clang analyzer warning in esp_pci_io_write() 2020-05-04 11:17:27 +02:00
esp.c hw/scsi/esp: Remove superfluous semicolon 2020-02-18 20:20:49 +01:00
Kconfig hw/nvram/Kconfig: Add an entry for the NMC93xx EEPROM 2020-01-07 12:08:39 +01:00
lsi53c895a.c qdev: Unrealize must not fail 2020-05-15 07:08:14 +02:00
Makefile.objs scsi: express dependencies with Kconfig 2019-03-07 21:45:53 +01:00
megasas.c hw/scsi/megasas: Fix possible out-of-bounds array access in tracepoints 2020-06-26 09:39:37 -04:00
mfi.h Clean up header guards that don't match their file name 2016-07-12 16:19:16 +02:00
mpi.h hw: Add support for LSI SAS1068 (mptsas) device 2016-02-09 15:45:26 +01:00
mptconfig.c Include hw/hw.h exactly where needed 2019-08-16 13:31:52 +02:00
mptendian.c Include hw/hw.h exactly where needed 2019-08-16 13:31:52 +02:00
mptsas.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
mptsas.h mptsas: really fix migration compatibility 2016-08-03 18:44:56 +02:00
scsi-bus.c qdev: Make qdev_prop_set_drive() match the other helpers 2020-06-23 16:07:07 +02:00
scsi-disk.c block: consolidate blocksize properties consistency checks 2020-06-17 14:53:40 +02:00
scsi-generic.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
spapr_vscsi.c qdev: Convert uses of qdev_create() with Coccinelle 2020-06-15 22:00:10 +02:00
srp.h spapr-vscsi: add task management 2013-09-12 08:46:21 +02:00
trace-events hw/scsi/spapr_vscsi: Convert debug fprintf() to trace event 2020-03-17 15:08:50 +11:00
vhost-scsi-common.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
vhost-scsi.c qdev: Unrealize must not fail 2020-05-15 07:08:14 +02:00
vhost-user-scsi.c qom/object: Move Object typedef to 'qemu/typedefs.h' 2020-06-10 12:09:36 -04:00
viosrp.h hw/scsi/spapr_vscsi: Do not mix SRP IU size with DMA buffer size 2020-03-17 15:08:50 +11:00
virtio-scsi-dataplane.c Replace '-enable-kvm' with '-accel kvm' in docs and help texts 2018-06-28 19:05:32 +02:00
virtio-scsi.c qdev: Unrealize must not fail 2020-05-15 07:08:14 +02:00
vmw_pvscsi.c hw/scsi/vmw_pvscsi: Remove assertion for kick after reset 2020-04-01 19:00:16 +02:00
vmw_pvscsi.h scsi: VMWare PVSCSI paravirtual device implementation 2013-04-19 10:44:17 +02:00