qemu-e2k/include/hw/virtio
Carlos López f0d634ea19 virtio: refresh vring region cache after updating a virtqueue size
When a virtqueue size is changed by the guest via
virtio_queue_set_num(), its region cache is not automatically updated.
If the size was increased, this could lead to accessing the cache out
of bounds. For example, in vring_get_used_event():

    static inline uint16_t vring_get_used_event(VirtQueue *vq)
    {
        return vring_avail_ring(vq, vq->vring.num);
    }

    static inline uint16_t vring_avail_ring(VirtQueue *vq, int i)
    {
        VRingMemoryRegionCaches *caches = vring_get_region_caches(vq);
        hwaddr pa = offsetof(VRingAvail, ring[i]);

        if (!caches) {
            return 0;
        }

        return virtio_lduw_phys_cached(vq->vdev, &caches->avail, pa);
    }

vq->vring.num will be greater than caches->avail.len, which will
trigger a failed assertion down the call path of
virtio_lduw_phys_cached().

Fix this by calling virtio_init_region_cache() after
virtio_queue_set_num() if we are not already calling
virtio_queue_set_rings(). In the legacy path this is already done by
virtio_queue_update_rings().

Signed-off-by: Carlos López <clopez@suse.de>
Message-Id: <20230317002749.27379-1-clopez@suse.de>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Acked-by: Halil Pasic <pasic@linux.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-04-21 03:08:21 -04:00
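The commit message above describes the mechanism in terms of QEMU internals. The following is an added model of that mechanism, not QEMU's own code: it mirrors the split avail ring layout (flags, idx, ring[num], then used_event), keeps a cache whose `len` is only recomputed when the cache is rebuilt, and reads `ring[num]` the way `vring_get_used_event()` does. All names are hypothetical (`ModelVirtQueue`, `model_init_region_cache`, `model_resize_then_read`), the guest memory is a constructed buffer, and the avail-size formula (ring offset plus one trailing `uint16_t` for used_event) is assumed to match QEMU's `virtio_queue_get_avail_size()`. The real cached-load helper asserts on an out-of-range access; this model reports failure instead so the stale-cache case can be observed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed model of the stale region cache, not QEMU code.
 * Layout mirrors the virtio split avail ring: flags, idx, ring[num], used_event.
 */
typedef struct ModelVRingAvail {
    uint16_t flags;
    uint16_t idx;
    uint16_t ring[];            /* num entries, followed by used_event */
} ModelVRingAvail;

typedef struct ModelRegionCache {
    uint8_t *ptr;               /* start of the cached guest region */
    size_t len;                 /* bytes covered when the cache was built */
} ModelRegionCache;

typedef struct ModelVirtQueue {
    unsigned int num;           /* vq->vring.num */
    ModelRegionCache avail;     /* caches->avail */
    uint8_t guest_mem[4096];    /* constructed guest memory backing the avail ring */
} ModelVirtQueue;

/* Offset of ring[i]; computed by hand to stay portable (no variable-index offsetof). */
static size_t model_avail_ring_offset(unsigned int i)
{
    return offsetof(ModelVRingAvail, ring) + (size_t)i * sizeof(uint16_t);
}

/* Size of the avail ring for num entries including the trailing used_event slot
 * (assumed to match QEMU's virtio_queue_get_avail_size()). */
static size_t model_avail_size(unsigned int num)
{
    return model_avail_ring_offset(num) + sizeof(uint16_t);
}

/* virtio_init_region_cache() analogue: (re)build the cache for the current num. */
static void model_init_region_cache(ModelVirtQueue *vq)
{
    vq->avail.ptr = vq->guest_mem;
    vq->avail.len = model_avail_size(vq->num);
}

/* virtio_lduw_phys_cached() analogue: the real helper asserts on an out-of-range
 * access; here it returns false so the caller can observe the condition. */
static bool model_lduw_cached(const ModelRegionCache *c, size_t pa, uint16_t *out)
{
    if (c->ptr == NULL || pa + sizeof(uint16_t) > c->len) {
        return false;           /* would trip the assertion named in the commit */
    }
    memcpy(out, c->ptr + pa, sizeof(uint16_t));
    return true;
}

/* vring_get_used_event() analogue: reads ring[num], i.e. the used_event slot. */
static bool model_get_used_event(ModelVirtQueue *vq, uint16_t *out)
{
    return model_lduw_cached(&vq->avail, model_avail_ring_offset(vq->num), out);
}

/*
 * Scenario: queue set up with old_num, guest resizes it to new_num, device then
 * reads used_event. refresh=false keeps the old cache len (pre-fix behaviour);
 * refresh=true rebuilds the cache after the resize (the fix). Returns true only
 * when the read stays within the cache and yields the value the guest stored.
 */
static bool model_resize_then_read(unsigned int old_num, unsigned int new_num, bool refresh)
{
    ModelVirtQueue vq;
    memset(&vq, 0, sizeof(vq));

    vq.num = old_num;
    model_init_region_cache(&vq);

    vq.num = new_num;                   /* virtio_queue_set_num() analogue */
    if (refresh) {
        model_init_region_cache(&vq);   /* what the fix adds */
    }

    /* Guest places a known used_event value at ring[new_num]. */
    size_t ev_off = model_avail_ring_offset(new_num);
    if (ev_off + sizeof(uint16_t) > sizeof(vq.guest_mem)) {
        return false;                   /* constructed memory too small for this num */
    }
    uint16_t expect = 0x1234;
    memcpy(vq.guest_mem + ev_off, &expect, sizeof(expect));

    uint16_t got = 0;
    return model_get_used_event(&vq, &got) && got == expect;
}

int main(void)
{
    printf("grow 64->256, stale cache:   %s\n",
           model_resize_then_read(64, 256, false) ? "in bounds" : "OUT OF BOUNDS");
    printf("grow 64->256, refreshed:     %s\n",
           model_resize_then_read(64, 256, true) ? "in bounds" : "OUT OF BOUNDS");
    printf("shrink 256->64, stale cache: %s\n",
           model_resize_then_read(256, 64, false) ? "in bounds" : "OUT OF BOUNDS");
    return 0;
}
```

The shrink case is included because it shows why the bug is one-directional, as the commit says: a cache built for a larger queue still covers `ring[num]` after `num` decreases, so only an increase without a refresh pushes the used_event read past `caches->avail.len`.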
vdpa-dev.h
vhost-backend.h vdpa: move vhost reset after get vring base 2023-03-07 12:38:59 -05:00
vhost-scsi-common.h
vhost-scsi.h
vhost-user-blk.h
vhost-user-fs.h
vhost-user-gpio.h vhost-user-gpio: Configure vhost_dev when connecting 2023-03-02 03:10:47 -05:00
vhost-user-i2c.h
vhost-user-rng.h
vhost-user-scsi.h
vhost-user-vsock.h
vhost-user.h
vhost-vdpa.h vdpa net: block migration if the device has CVQ 2023-03-07 12:38:59 -05:00
vhost-vsock-common.h
vhost-vsock.h
vhost.h
virtio-access.h
virtio-balloon.h
virtio-blk-common.h
virtio-blk.h virtio-blk: simplify virtio_blk_dma_restart_cb() 2023-01-23 15:01:23 -05:00
virtio-bus.h
virtio-crypto.h
virtio-gpu-bswap.h
virtio-gpu-pci.h
virtio-gpu-pixman.h
virtio-gpu.h
virtio-input.h
virtio-iommu.h
virtio-mem.h virtio-mem: Migrate immutable properties early 2023-02-06 19:22:56 +01:00
virtio-mmio.h include: Include headers where needed 2023-01-08 01:54:22 -05:00
virtio-net.h
virtio-pci.h virtio-pci: add support for configure interrupt 2023-01-08 01:54:22 -05:00
virtio-pmem.h
virtio-rng.h
virtio-scsi.h virtio-scsi: reset SCSI devices from main loop thread 2023-02-23 19:49:35 +01:00
virtio-serial.h
virtio.h virtio: refresh vring region cache after updating a virtqueue size 2023-04-21 03:08:21 -04:00