OpenE2K/qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity
17c67f6849
qemu-e2k/include/hw
History
Carlos López f0d634ea19 virtio: refresh vring region cache after updating a virtqueue size 
When a virtqueue size is changed by the guest via
virtio_queue_set_num(), its region cache is not automatically updated.
If the size was increased, this could lead to accessing the cache out
of bounds. For example, in vring_get_used_event():

    static inline uint16_t vring_get_used_event(VirtQueue *vq)
    {
        return vring_avail_ring(vq, vq->vring.num);
    }

    static inline uint16_t vring_avail_ring(VirtQueue *vq, int i)
    {
        VRingMemoryRegionCaches *caches = vring_get_region_caches(vq);
        hwaddr pa = offsetof(VRingAvail, ring[i]);

        if (!caches) {
            return 0;
        }

        return virtio_lduw_phys_cached(vq->vdev, &caches->avail, pa);
    }

vq->vring.num will be greater than caches->avail.len, which will
trigger a failed assertion down the call path of
virtio_lduw_phys_cached().

Fix this by calling virtio_init_region_cache() after
virtio_queue_set_num() if we are not already calling
virtio_queue_set_rings(). In the legacy path this is already done by
virtio_queue_update_rings().

Signed-off-by: Carlos López <clopez@suse.de>
Message-Id: <20230317002749.27379-1-clopez@suse.de>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Acked-by: Halil Pasic <pasic@linux.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-04-21 03:08:21 -04:00
..
acpi replace TABs with spaces 2023-03-20 12:43:50 +01:00
adc hw/arm/npcm7xx: Declare QOM macros using OBJECT_DECLARE_SIMPLE_TYPE() 2023-01-12 17:15:09 +00:00
arm hw: arm: allwinner-h3: Fix and complete H3 i2c devices 2023-03-06 15:31:24 +00:00
audio
block hw/block: replace TABs with space 2023-03-24 11:45:46 +01:00
char hw/char/cmsdk-apb-uart: Open-code cmsdk_apb_uart_create() 2023-02-27 13:27:05 +00:00
core softmmu: Restore use of CPU watchpoint for all accelerators 2023-03-28 15:24:06 -07:00
cpu
cris include: Include headers where needed 2023-01-08 01:54:22 -05:00
cxl hw/pxb-cxl: Support passthrough HDM Decoders unless overridden 2023-03-07 19:51:07 -05:00
display include: Include headers where needed 2023-01-08 01:54:22 -05:00
dma include: Include headers where needed 2023-01-08 01:54:22 -05:00
firmware hw/smbios: add core_count2 to smbios table type 4 2022-11-07 14:08:17 -05:00
gpio
hyperv
i2c hw: allwinner-i2c: Fix TWI_CNTR_INT_FLAG on SUN6i SoCs 2023-03-06 14:08:12 +00:00
i386 include/hw/i386: Clean up includes in x86.h 2023-03-07 14:30:42 +01:00
ide hw/ide: replace TABs with space 2023-03-24 11:45:33 +01:00
input hw/input: Clean up includes 2023-02-08 07:16:23 +01:00
intc hw/mips: Declare all length properties as unsigned 2023-03-08 00:37:48 +01:00
ipack
ipmi
isa hw/audio/via-ac97: Basic implementation of audio playback 2023-03-08 00:37:48 +01:00
kvm
loongarch hw/loongarch/virt: add system_powerdown hmp command support 2023-03-03 09:37:30 +08:00
m68k
mem acpi/nvdimm: Define trace events for NVDIMM and substitute nvdimm_debug() 2022-07-26 10:37:46 -04:00
mips hw/mips/bootloader: Handle buffers as opaque arrays 2023-01-13 09:32:32 +01:00
misc hw/mips/itu: Pass SAAR using QOM link property 2023-03-08 00:37:48 +01:00
net fsl_etsec: Use hw/net/mii.h 2023-03-10 15:35:38 +08:00
nubus
nvram Revert "x86: return modified setup_data only if read as memory, not as file" 2023-03-02 03:10:46 -05:00
openrisc hw/openrisc: Split re-usable boot time apis out to boot.c 2022-09-04 07:02:56 +01:00
pci replace TABs with spaces 2023-03-20 12:43:50 +01:00
pci-bridge
pci-host ppc patch queue for 2023-03-03: 2023-03-04 14:01:34 +00:00
ppc pnv_phb4_pec: Simplify/align code to parent user-created PHBs 2023-03-03 16:50:17 -03:00
rdma
remote include/hw/pci: Split pci_device.h off pci.h 2023-01-08 01:54:22 -05:00
riscv hw/riscv/virt: Enable basic ACPI infrastructure 2023-03-06 11:35:04 -08:00
rtc hw/rtc: Rename rtc_[get|set]_memory -> mc146818rtc_[get|set]_cmos_data 2023-02-27 22:29:02 +01:00
rx
s390x s390x/pv: Add support for asynchronous teardown for reboot 2023-02-27 09:15:39 +01:00
scsi replace TABs with spaces 2023-03-20 12:43:50 +01:00
sd replace TABs with spaces 2023-03-20 12:43:50 +01:00
sensor
sh4
southbridge hw: Move ich9.h to southbridge/ 2023-02-27 22:29:01 +01:00
sparc
ssi Do not include hw/hw.h if it is not necessary 2023-02-27 09:15:38 +01:00
timer hw: Replace isa_get_irq() by isa_bus_get_irq() when ISABus is available 2023-02-27 22:29:02 +01:00
tricore Do not include hw/hw.h if it is not necessary 2023-02-27 09:15:38 +01:00
usb include: Include headers where needed 2023-01-08 01:54:22 -05:00
vfio vfio/migration: Rename entry points 2023-03-07 11:19:07 -07:00
virtio virtio: refresh vring region cache after updating a virtqueue size 2023-04-21 03:08:21 -04:00
watchdog hw/watchdog/wdt_aspeed: Log unimplemented registers as UNIMP level 2023-02-07 09:02:05 +01:00
xen hw/xen: Rename xen_common.h to xen_native.h 2023-03-07 17:04:30 +00:00
xtensa
boards.h virtio,pc,pci: features, cleanups, fixes 2023-01-09 10:07:12 +00:00
clock.h
elf_ops.h replace TABs with spaces 2023-03-20 12:43:50 +01:00
fw-path-provider.h
hotplug.h pci: fix 'hotplugglable' property behavior 2023-03-07 12:38:59 -05:00
hw.h
ide.h hw/ide: Declare ide_get_[geometry/bios_chs_trans] in 'hw/ide/internal.h' 2023-02-27 22:29:02 +01:00
irq.h
loader-fit.h
loader.h hw: arm: Support direct boot for Linux/arm64 EFI zboot images 2023-03-06 14:08:12 +00:00
nmi.h
or-irq.h hw: Replace qemu_or_irq typedef by OrIRQState 2023-02-27 13:27:05 +00:00
pcmcia.h replace TABs with spaces 2023-03-20 12:43:50 +01:00
platform-bus.h
ptimer.h
qdev-clock.h
qdev-core.h pci: fix 'hotplugglable' property behavior 2023-03-07 12:38:59 -05:00
qdev-dma.h
qdev-properties-system.h
qdev-properties.h
register.h
registerfields.h
resettable.h
stream.h
sysbus.h
usb.h hw/usb: fix tab indentation 2022-11-08 11:13:48 +01:00
vmstate-if.h