[Qemu-devel] [PULL 09/21] vmw_pvscsi: check message ring page count at i
From: Paolo Bonzini
Subject: [Qemu-devel] [PULL 09/21] vmw_pvscsi: check message ring page count at initialisation
Date: Fri, 5 May 2017 12:13:25 +0200
From: P J P <address@hidden>
A guest could set the message ring page count to zero, resulting in
infinite loop. Add check to avoid it.
Reported-by: YY Z <address@hidden>
Signed-off-by: P J P <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Dmitry Fleytman <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
---
hw/scsi/vmw_pvscsi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
index 75575461e2..4a106da856 100644
--- a/hw/scsi/vmw_pvscsi.c
+++ b/hw/scsi/vmw_pvscsi.c
@@ -202,7 +202,7 @@ pvscsi_ring_init_msg(PVSCSIRingInfo *m,
PVSCSICmdDescSetupMsgRing *ri)
uint32_t len_log2;
uint32_t ring_size;
- if (ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {
+ if (!ri->numPages || ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {
return -1;
}
ring_size = ri->numPages * PVSCSI_MAX_NUM_MSG_ENTRIES_PER_PAGE;
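Review bot: The commit message says a zero page count results in an infinite loop, but neither it nor this hunk in pvscsi_ring_init_msg() says where that loop is. With numPages == 0 the visible line `ring_size = ri->numPages * PVSCSI_MAX_NUM_MSG_ENTRIES_PER_PAGE;` yields a ring size of 0, so a sentence in the commit message naming the code that spins on that value would let a reader confirm the new `!ri->numPages` test closes the whole path. Since numPages is guest-controlled, it is also worth confirming that the other ring setup paths in this file reject a zero count the same way, and consider logging the rejection (for example via qemu_log_mask(LOG_GUEST_ERROR, ...)) rather than returning -1 silently, so a misbehaving guest is visible to the host operator.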
--
2.12.2