[Qemu-stable] [PATCH 044/108] virtio: allow mapping up to max queue size
From: Michael Roth
Subject: [Qemu-stable] [PATCH 044/108] virtio: allow mapping up to max queue size
Date: Wed, 6 Aug 2014 15:38:54 -0500
From: "Michael S. Tsirkin" <address@hidden>
It's a loop from i < num_sg and the array is VIRTQUEUE_MAX_SIZE - so
it's OK if the value read is VIRTQUEUE_MAX_SIZE.
Not a big problem in practice as people don't use
such big queues, but it's inelegant.
Reported-by: "Dr. David Alan Gilbert" <address@hidden>
Cc: address@hidden
Signed-off-by: Michael S. Tsirkin <address@hidden>
(cherry picked from commit 937251408051e0489f78e4db3c92e045b147b38b)
Signed-off-by: Michael Roth <address@hidden>
---
hw/virtio/virtio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index abfc4e9..6523e62 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -430,7 +430,7 @@ void virtqueue_map_sg(struct iovec *sg, hwaddr *addr,
unsigned int i;
hwaddr len;
- if (num_sg >= VIRTQUEUE_MAX_SIZE) {
+ if (num_sg > VIRTQUEUE_MAX_SIZE) {
error_report("virtio: map attempt out of bounds: %zd > %d",
num_sg, VIRTQUEUE_MAX_SIZE);
exit(1);
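Review bot: the relaxed bound in `if (num_sg > VIRTQUEUE_MAX_SIZE)` is only safe if every sg and addr array passed to virtqueue_map_sg() holds at least VIRTQUEUE_MAX_SIZE entries and the mapping loop indexes strictly below num_sg. The commit message asserts both, but neither the array declarations nor the loop are visible in this hunk. A one-line comment above the check stating that invariant would keep a later change to a caller's array size from turning this into an off-by-one write. Separately, the error_report() format prints num_sg with `%zd`; if num_sg is a size_t, `%zu` is the matching conversion, and this line is being touched anyway since the message text "%zd > %d" now agrees with the condition.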
--
1.9.1