qemu/hw
Paolo Bonzini 9bd634b2f5 scsi-generic: fix buffer overflow on block limits inquiry
Using linux 6.x guest, at boot time, an inquiry on a scsi-generic
device makes qemu crash.  This is caused by a buffer overflow when
scsi-generic patches the block limits VPD page.

Do the operations on a temporary on-stack buffer that is guaranteed
to be large enough.

Reported-by: Théo Maillart <tmaillart@freebox.fr>
Analyzed-by: Théo Maillart <tmaillart@freebox.fr>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-18 08:53:51 +02:00
..
9pfs 9pfs/xen: Fix segfault on shutdown 2023-05-16 16:21:54 +02:00
acpi hw/pci-bridge: Make PCIe and CXL PXB Devices inherit from TYPE_PXB_DEV 2023-04-24 22:56:55 -04:00
adc hw/adc: Make adci[*] R/W in NPCM7XX ADC 2022-07-18 13:20:14 +01:00
alpha Drop duplicate #include 2023-02-08 07:28:05 +01:00
arm hw/arm: Select XLNX_USB_SUBSYS for xlnx-zcu102 machine 2023-05-10 16:02:58 +01:00
audio hw/audio/via-ac97: Basic implementation of audio playback 2023-03-08 00:37:48 +01:00
avr
block virtio-blk: add some trace events for zoned emulation 2023-05-15 08:18:10 -04:00
char hw/riscv: Add signature dump function for spike to run ACT tests 2023-05-05 10:49:50 +10:00
core hw/core: Move machine-qmp-cmds.c into the target independent source set 2023-05-16 09:14:18 +02:00
cpu hw/cpu: Mark arm11 and realview mpcore as target-independent code 2023-01-16 17:51:20 +01:00
cris
cxl hw/pci-bridge: Make PCIe and CXL PXB Devices inherit from TYPE_PXB_DEV 2023-04-24 22:56:55 -04:00
display hw/display/sm501: Remove unneeded increment from loop 2023-05-05 12:34:22 -03:00
dma replace TABs with spaces 2023-03-20 12:43:50 +01:00
gpio replace TABs with spaces 2023-03-20 12:43:50 +01:00
hppa hw/isa: Rename isa_bus_irqs() -> isa_bus_register_input_irqs() 2023-02-27 22:29:02 +01:00
hyperv win32: replace closesocket() with close() wrapper 2023-03-13 15:39:31 +04:00
i2c hw/i2c/allwinner-i2c: Fix subclassing of TYPE_AW_I2C_SUN6I 2023-04-11 14:13:29 +01:00
i386 intel_iommu: refine iotlb hash calculation 2023-04-24 22:56:55 -04:00
ide hw: replace most qemu_bh_new calls with qemu_bh_new_guarded 2023-04-28 11:31:54 +02:00
input replace TABs with spaces 2023-03-20 12:43:50 +01:00
intc hw/intc: Add NULL pointer check on LoongArch ipi device 2023-05-15 19:09:33 +08:00
ipack include/hw/pci: Split pci_device.h off pci.h 2023-01-08 01:54:22 -05:00
ipmi include/hw/pci: Split pci_device.h off pci.h 2023-01-08 01:54:22 -05:00
isa virtio,pc,pci: features, fixes 2023-03-10 14:31:37 +00:00
loongarch hw/loongarch/virt: Set max 256 cpus support on loongarch virt machine 2023-05-15 19:09:33 +08:00
m68k hw: Add compat machines for 8.1 2023-04-21 04:25:52 -04:00
mem virtio-balloon: optimize the virtio-balloon on the ARM platform 2023-04-21 04:25:52 -04:00
microblaze hw/char/xilinx_uartlite: Open-code xilinx_uartlite_create() 2023-02-27 13:27:05 +00:00
mips hw/mips/malta: Fix minor dead code issue 2023-05-12 15:43:38 +01:00
misc hw/arm/bcm2835_property: Implement "get command line" message 2023-05-02 15:47:40 +01:00
net hw/net: Move xilinx_ethlite.c to the target-independent source set 2023-05-16 09:14:18 +02:00
nios2 hw/nios2: set machine->fdt in nios2_load_dtb() 2022-10-17 16:15:10 -03:00
nubus hw/nubus/nubus-device: Fix memory leak in nubus_device_realize 2023-02-27 22:29:01 +01:00
nvme hw: replace most qemu_bh_new calls with qemu_bh_new_guarded 2023-04-28 11:31:54 +02:00
nvram aspeed queue: 2023-03-03 17:11:22 +00:00
openrisc *: Add missing includes of qemu/error-report.h 2023-03-22 15:06:57 +00:00
pci hw/pci-bridge: Fix release ordering by embedding PCIBridgeWindows within PCIBridge 2023-05-16 09:14:18 +02:00
pci-bridge hw/pci-bridge: Make PCIe and CXL PXB Devices inherit from TYPE_PXB_DEV 2023-04-24 22:56:55 -04:00
pci-host raven: disable reentrancy detection for iomem 2023-04-28 11:31:54 +02:00
pcmcia
ppc hw/ppc/Kconfig: NVDIMM is a hard requirement for the pseries machine 2023-05-05 12:34:22 -03:00
rdma hw/rdma: VMW_PVRDMA should depend on VMXNET3_PCI 2023-04-28 08:05:37 +02:00
remote Drop duplicate #include 2023-02-08 07:28:05 +01:00
riscv hw/riscv: Add signature dump function for spike to run ACT tests 2023-05-05 10:49:50 +10:00
rtc replace TABs with spaces 2023-03-20 12:43:50 +01:00
rx rx: re-randomize rng-seed on reboot 2022-10-27 11:34:31 +01:00
s390x s390x/pv: Fix spurious warning with asynchronous teardown 2023-05-16 09:14:18 +02:00
scsi scsi-generic: fix buffer overflow on block limits inquiry 2023-05-18 08:53:51 +02:00
sd hw/sd/allwinner-sdhost: Correctly byteswap descriptor fields 2023-05-02 15:47:41 +01:00
sensor Do not include hw/hw.h if it is not necessary 2023-02-27 09:15:38 +01:00
sh4 hw/ide/mmio: Extract TYPE_MMIO_IDE declarations to 'hw/ide/mmio.h' 2023-02-27 22:29:02 +01:00
smbios hw/smbios: fix field corruption in type 4 table 2023-03-02 03:10:46 -05:00
sparc
sparc64 pci: avoid accessing slot_reserved_mask directly outside of pci.c 2023-04-21 04:25:52 -04:00
ssi hw/ssi: Fix Linux driver init issue with xilinx_spi 2023-04-03 16:12:30 +01:00
timer hw/timer/imx_epit: fix limit check 2023-04-20 10:21:14 +01:00
tpm tpm: Add support for TPM device over I2C bus 2023-04-20 08:17:15 -04:00
tricore
usb hw/arm: Select XLNX_USB_SUBSYS for xlnx-zcu102 machine 2023-05-10 16:02:58 +01:00
vfio vfio/pci: Static Resizable BAR capability 2023-05-09 09:30:13 -06:00
virtio virtio-blk: add zoned storage emulation for zoned devices 2023-05-15 08:18:10 -04:00
watchdog hw/watchdog: Allwinner WDT emulation for system reset 2023-04-20 10:21:13 +01:00
xen pci: avoid accessing slot_reserved_mask directly outside of pci.c 2023-04-21 04:25:52 -04:00
xenpv hw/xenpv: Initialize Xen backend operations 2023-03-24 14:52:14 +00:00
xtensa
Kconfig xen: add CONFIG_XEN_BUS and CONFIG_XEN_EMU options for Xen emulation 2023-03-01 08:22:49 +00:00
meson.build hw/loongarch: Add support loongson3 virt machine type. 2022-06-06 18:09:03 +00:00