qemu/hw/i386/xen
Ross Lagerwall a021a2dd8b xen-mapcache: Avoid entry->lock overflow
In some cases, a particular mapcache entry may be mapped 256 times
causing the lock field to wrap to 0. For example, this may happen when
using emulated NVME and the guest submits a large scatter-gather write.
At this point, the entry map be remapped causing QEMU to write the wrong
data or crash (since remap is not atomic).

Avoid this overflow by increasing the lock field to a uint32_t and also
detect it and abort rather than continuing regardless.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Reviewed-by: Paul Durrant <paul@xen.org>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Message-Id: <20220124104450.152481-1-ross.lagerwall@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2022-01-27 15:14:21 +00:00
..
meson.build meson: convert hw/arch* 2020-08-21 06:30:33 -04:00
trace-events docs: fix references to docs/devel/tracing.rst 2021-06-02 06:51:09 +02:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
xen_apic.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
xen_platform.c Do not include exec/address-spaces.h if it's not really necessary 2021-05-02 17:24:51 +02:00
xen_pvdevice.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
xen-hvm.c xen-hvm: Allow disabling buffer_io_timer 2022-01-27 15:14:11 +00:00
xen-mapcache.c xen-mapcache: Avoid entry->lock overflow 2022-01-27 15:14:21 +00:00