[Qemu-devel] [PULL 10/41] virtio: check vring descriptor buffer length
From: Michael S. Tsirkin
Subject: [Qemu-devel] [PULL 10/41] virtio: check vring descriptor buffer length
Date: Fri, 29 Jul 2016 06:15:36 +0300
From: Prasad J Pandit <address@hidden>
The virtio back end uses a set of buffers to facilitate I/O operations.
An infinite loop unfolds in virtqueue_pop() if a buffer was
of zero size. Add a check to avoid it.
Reported-by: Li Qiang <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
Reviewed-by: Stefan Hajnoczi <address@hidden>
---
hw/virtio/virtio.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 752b271..b4d0511 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -458,6 +458,11 @@ static void virtqueue_map_desc(unsigned int *p_num_sg,
hwaddr *addr, struct iove
unsigned num_sg = *p_num_sg;
assert(num_sg <= max_num_sg);
+ if (!sz) {
+ error_report("virtio: zero sized buffers are not allowed");
+ exit(1);
+ }
+
while (sz) {
hwaddr len = sz;
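Review bot: the exit(1) in the new `if (!sz)` block of virtqueue_map_desc() terminates the whole QEMU process when a descriptor has zero length, so the hang described in the commit message becomes a process exit rather than a failure confined to the one device. Since the function is declared `static void`, consider giving it a status return so the caller can stop processing this queue and report the error without exiting. The message "virtio: zero sized buffers are not allowed" would also be easier to act on if it named the device or queue involved. Finally, the check sits in virtqueue_map_desc() while the commit message locates the loop in virtqueue_pop(); a one-line comment explaining how a zero `sz`, which skips `while (sz)` entirely, leads to that loop would make the fix easier to follow.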
--
MST