qemu/hw/virtio
Stefano Garzarella 8d1b247f37 vhost-vsock: detach the virqueue element in case of error
In vhost_vsock_common_send_transport_reset(), if an element popped from
the virtqueue is invalid, we should call virtqueue_detach_element() to
detach it from the virtqueue before freeing its memory.

Fixes: fc0b9b0e1c ("vhost-vsock: add virtio sockets device")
Fixes: CVE-2022-26354
Cc: qemu-stable@nongnu.org
Reported-by: VictorV <vv474172261@gmail.com>
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Message-Id: <20220228095058.27899-1-sgarzare@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-03-06 05:08:23 -05:00
..
Kconfig vhost-user-rng: Add vhost-user-rng implementation 2021-10-20 04:37:55 -04:00
meson.build vhost-user-rng-pci: Add vhost-user-rng-pci implementation 2021-10-20 04:37:55 -04:00
trace-events virtio-iommu: Default to bypass during boot 2022-03-06 05:08:23 -05:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
vhost-backend.c vhost-backend: stick to -errno error return convention 2022-01-07 05:19:55 -05:00
vhost-scsi-pci.c Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
vhost-stub.c vhost-user: simplify vhost_user_init/vhost_user_cleanup 2019-03-12 21:22:31 -04:00
vhost-user-blk-pci.c Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
vhost-user-fs-pci.c vhost-user-fs: add the "bootindex" property 2021-01-13 09:06:37 -05:00
vhost-user-fs.c Revert "virtio: introduce macro IRTIO_CONFIG_IRQ_IDX" 2022-01-10 16:02:54 -05:00
vhost-user-i2c-pci.c hw/virtio: add vhost-user-i2c-pci boilerplate 2021-07-16 11:10:45 -04:00
vhost-user-i2c.c hw/vhost-user-i2c: Add support for VIRTIO_I2C_F_ZERO_LENGTH_REQUEST 2022-03-04 08:30:52 -05:00
vhost-user-input-pci.c Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
vhost-user-rng-pci.c vhost-user-rng-pci: Add vhost-user-rng-pci implementation 2021-10-20 04:37:55 -04:00
vhost-user-rng.c vhost-user-rng: Add vhost-user-rng implementation 2021-10-20 04:37:55 -04:00
vhost-user-scsi-pci.c Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
vhost-user-vsock-pci.c vhost-user-vsock-pci: force virtio version 1 2020-09-29 02:15:24 -04:00
vhost-user-vsock.c vhost-vsock: handle common features in vhost-vsock-common 2021-10-05 17:30:57 -04:00
vhost-user.c vhost-user: fix VirtQ notifier cleanup 2022-03-04 08:30:52 -05:00
vhost-vdpa.c vhost-vdpa: make notifiers _init()/_uninit() symmetric 2022-03-06 05:08:23 -05:00
vhost-vsock-common.c vhost-vsock: detach the virqueue element in case of error 2022-03-06 05:08:23 -05:00
vhost-vsock-pci.c vhost-vsock-pci: force virtio version 1 2020-09-29 02:15:24 -04:00
vhost-vsock.c virtio/vhost-vsock: don't double close vhostfd, remove redundant cleanup 2022-01-07 19:30:13 -05:00
vhost.c Revert "vhost: add support for configure interrupt" 2022-01-10 16:01:11 -05:00
virtio-9p-pci.c Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
virtio-balloon-pci.c hw/virtio/virtio-balloon: Remove the "class" property 2021-02-05 08:52:59 -05:00
virtio-balloon.c include: Move qemu_madvise() and related #defines to new qemu/madvise.h 2022-02-21 13:30:20 +00:00
virtio-blk-pci.c Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
virtio-bus.c virtio: fix the condition for iommu_platform not supported 2022-03-04 08:30:52 -05:00
virtio-crypto-pci.c Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
virtio-crypto.c Revert "virtio: introduce macro IRTIO_CONFIG_IRQ_IDX" 2022-01-10 16:02:54 -05:00
virtio-input-host-pci.c Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
virtio-input-pci.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
virtio-iommu-pci.c hw/arm/virt: Remove device tree restriction for virtio-iommu 2021-12-15 10:35:26 +00:00
virtio-iommu.c virtio-iommu: Support bypass domain 2022-03-06 05:08:23 -05:00
virtio-mem-pci.c qapi: Include qom-path in MEMORY_DEVICE_SIZE_CHANGE qapi events 2021-10-02 08:43:21 +02:00
virtio-mem-pci.h Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
virtio-mem.c hw/arm/virt: Support for virtio-mem-pci 2022-01-20 11:47:52 +00:00
virtio-mmio.c Remove unnecessary minimum_version_id_old fields 2022-01-28 15:38:23 +01:00
virtio-net-pci.c virtio-net: calculating proper msix vectors on init 2021-03-15 16:41:22 +08:00
virtio-pci.c Remove unnecessary minimum_version_id_old fields 2022-01-28 15:38:23 +01:00
virtio-pci.h Revert "virtio-pci: add support for configure interrupt" 2022-01-10 16:00:02 -05:00
virtio-pmem-pci.c virtio-pmem-pci: force virtio version 1 2020-09-29 02:14:30 -04:00
virtio-pmem-pci.h Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
virtio-pmem.c Mark remaining global TypeInfo instances as const 2022-02-21 13:30:20 +00:00
virtio-rng-pci.c Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
virtio-rng.c sysemu: Let VMChangeStateHandler take boolean 'running' argument 2021-03-09 23:13:57 +01:00
virtio-scsi-pci.c Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
virtio-serial-pci.c Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
virtio.c Remove unnecessary minimum_version_id_old fields 2022-01-28 15:38:23 +01:00