mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
f2eea93c6b
qemu/hw/block
History
Stefan Hajnoczi f2eea93c6b virtio-blk: add vq_rq[] bounds check in virtio_blk_dma_restart_cb() 
Hanna Czenczek <hreitz@redhat.com> noted that the array index in
virtio_blk_dma_restart_cb() is not bounds-checked:

  g_autofree VirtIOBlockReq **vq_rq = g_new0(VirtIOBlockReq *, num_queues);
  ...
  while (rq) {
      VirtIOBlockReq *next = rq->next;
      uint16_t idx = virtio_get_queue_index(rq->vq);

      rq->next = vq_rq[idx];
                 ^^^^^^^^^^

The code is correct because both rq->vq and vq_rq[] depend on
num_queues, but this is indirect and not 100% obvious. Add an assertion.

Suggested-by: Hanna Czenczek <hreitz@redhat.com>
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Reviewed-by: Hanna Czenczek <hreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20240206190610.107963-4-stefanha@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2024-02-07 14:44:13 +01:00
..
dataplane virtio-blk: move dataplane code into virtio-blk.c 2024-01-26 11:16:58 +01:00
block.c hw/block/block.c: improve confusing blk_check_size_and_read_all() error 2024-01-30 16:19:00 -05:00
cdrom.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
ecc.c hw/block: Constify VMState 2023-12-29 11:17:30 +11:00
fdc-internal.h hw/block/fdc: Declare shared prototypes in fdc-internal.h 2021-06-25 08:53:28 -04:00
fdc-isa.c hw/block: Constify VMState 2023-12-29 11:17:30 +11:00
fdc-sysbus.c hw/block: Constify VMState 2023-12-29 11:17:30 +11:00
fdc.c hw/block: Constify VMState 2023-12-29 11:17:30 +11:00
hd-geometry.c hw/other: spelling fixes 2023-09-21 11:31:16 +03:00
Kconfig hw/block/fdc: Extract SysBus floppy controllers to fdc-sysbus.c 2021-06-25 08:53:28 -04:00
m25p80_sfdp.c m25p80: Add the is25wp256 SFPD table 2023-02-07 09:02:04 +01:00
m25p80_sfdp.h m25p80: Add the is25wp256 SFPD table 2023-02-07 09:02:04 +01:00
m25p80.c hw/block/block.c: improve confusing blk_check_size_and_read_all() error 2024-01-30 16:19:00 -05:00
meson.build meson: Replace softmmu_ss -> system_ss 2023-06-20 10:01:30 +02:00
nand.c hw/block: Constify VMState 2023-12-29 11:17:30 +11:00
onenand.c hw/block: Constify VMState 2023-12-29 11:17:30 +11:00
pflash_cfi01.c hw/block/block.c: improve confusing blk_check_size_and_read_all() error 2024-01-30 16:19:00 -05:00
pflash_cfi02.c hw/block/block.c: improve confusing blk_check_size_and_read_all() error 2024-01-30 16:19:00 -05:00
swim.c hw/block: Constify VMState 2023-12-29 11:17:30 +11:00
tc58128.c hw/block: Deprecate the TC58128 block device 2024-01-19 12:28:59 +01:00
trace-events hw/pflash: implement update buffer for block writes 2024-01-19 12:28:59 +01:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
vhost-user-blk.c hw/block: Constify VMState 2023-12-29 11:17:30 +11:00
virtio-blk-common.c virtio-blk: add zoned storage emulation for zoned devices 2023-05-15 08:18:10 -04:00
virtio-blk.c virtio-blk: add vq_rq[] bounds check in virtio_blk_dma_restart_cb() 2024-02-07 14:44:13 +01:00
xen_blkif.h xen: Import other xen/io/*.h 2019-06-24 10:42:30 +01:00
xen-block.c hw/xen: clean up xen_block_find_free_vdev() to avoid Coverity false positive 2023-11-21 11:45:06 +00:00