[Qemu-stable] [PATCH 066/156] virtio: allow mapping up to max queue size
From: Michael Roth
Subject: [Qemu-stable] [PATCH 066/156] virtio: allow mapping up to max queue size
Date: Tue, 8 Jul 2014 12:17:37 -0500
From: "Michael S. Tsirkin" <address@hidden>
It's a loop from i < num_sg and the array is VIRTQUEUE_MAX_SIZE - so
it's OK if the value read is VIRTQUEUE_MAX_SIZE.
Not a big problem in practice as people don't use
such big queues, but it's inelegant.
Reported-by: "Dr. David Alan Gilbert" <address@hidden>
Cc: address@hidden
Signed-off-by: Michael S. Tsirkin <address@hidden>
(cherry picked from commit 937251408051e0489f78e4db3c92e045b147b38b)
Signed-off-by: Michael Roth <address@hidden>
---
hw/virtio/virtio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 151fae9..c6265c6 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -427,7 +427,7 @@ void virtqueue_map_sg(struct iovec *sg, hwaddr *addr,
unsigned int i;
hwaddr len;
- if (num_sg >= VIRTQUEUE_MAX_SIZE) {
+ if (num_sg > VIRTQUEUE_MAX_SIZE) {
error_report("virtio: map attempt out of bounds: %zd > %d",
num_sg, VIRTQUEUE_MAX_SIZE);
exit(1);
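Review bot: The relaxed check `if (num_sg > VIRTQUEUE_MAX_SIZE)` is only safe if every caller passes `sg` and `addr` arrays with at least VIRTQUEUE_MAX_SIZE entries. The commit message states this, but nothing in the hunk documents or enforces it. A short comment above the check naming that invariant would help, since this comparison is the only guard before the `i < num_sg` loop indexes both arrays. The error text "%zd > %d" now matches the condition, which it did not with `>=`. If `num_sg` is a `size_t` (its declaration is not visible in this hunk), `%zu` would be the matching format specifier rather than `%zd`.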
--
1.9.1