OpenE2K/qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity
54a53a006e
qemu-e2k/hw/scsi
History
Mark Cave-Ayland 54a53a006e scsi-disk: fix overflow when block size is not a multiple of BDRV_SECTOR_SIZE 
In scsi_disk_emulate_write_same() the number of host sectors to transfer is
calculated as (s->qdev.blocksize / BDRV_SECTOR_SIZE) which is then used to
copy data in block size chunks to the iov buffer.

Since the loop copying the data to the iov buffer uses a fixed increment of
s->qdev.blocksize then using a block size that isn't a multiple of
BDRV_SECTOR_SIZE introduces a rounding error in the iov buffer size calculation
such that the iov buffer copy overflows the space allocated.

Update the iov buffer copy for() loop so that it will use the smallest of either
the current block size or the remaining transfer count to prevent the overflow.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20220730122656.253448-2-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-08-01 15:22:39 +02:00
..
emulation.c
esp-pci.c pci: Let pci_dma_rw() take MemTxAttrs argument 2021-12-31 01:05:23 +01:00
esp.c esp: recreate ESPState current_req after migration 2022-03-09 09:29:10 +00:00
Kconfig build: move vhost-scsi configuration to Kconfig 2022-05-07 07:46:58 +02:00
lsi53c895a.c scsi/lsi53c895a: really fix use-after-free in lsi_do_msgout (CVE-2022-0216) 2022-07-13 16:58:57 +02:00
megasas.c include: Move hardware version declarations to new qemu/hw-version.h 2022-02-21 13:30:20 +00:00
meson.build
mfi.h Fix 'writeable' typos 2022-06-08 19:38:47 +01:00
mpi.h
mptconfig.c nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
mptendian.c nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
mptsas.c Remove unnecessary minimum_version_id_old fields 2022-01-28 15:38:23 +01:00
mptsas.h mptsas: Remove unused MPTSASState 'pending' field (CVE-2021-3392) 2021-04-19 15:48:12 +01:00
scsi-bus.c include: Move hardware version declarations to new qemu/hw-version.h 2022-02-21 13:30:20 +00:00
scsi-disk.c scsi-disk: fix overflow when block size is not a multiple of BDRV_SECTOR_SIZE 2022-08-01 15:22:39 +02:00
scsi-generic.c block: get rid of blk->guest_block_size 2022-06-24 17:07:06 +02:00
spapr_vscsi.c Trivial: 3 char repeat typos 2022-06-28 11:06:02 +02:00
srp.h
trace-events scsi-disk: allow MODE SELECT block descriptor to set the block size 2022-07-13 16:58:58 +02:00
trace.h
vhost-scsi-common.c
vhost-scsi.c virtio: add vhost support for virtio devices 2022-05-16 04:38:40 -04:00
vhost-user-scsi.c hw/vhost-user-scsi|blk: set supports_config flag correctly 2022-06-09 19:32:49 -04:00
viosrp.h
virtio-scsi-dataplane.c virtio-scsi: don't waste CPU polling the event virtqueue 2022-05-09 10:45:04 +01:00
virtio-scsi.c virtio: drop name parameter for virtio_init() 2022-05-16 04:38:40 -04:00
vmw_pvscsi.c pci: Let ld*_pci_dma() propagate MemTxResult 2021-12-31 01:05:27 +01:00
vmw_pvscsi.h