qemu-e2k/hw
Dima Stepanov 7423192912 virtio: add checks for the size of the indirect table
The virtqueue_pop() and virtqueue_get_avail_bytes() routines can use the
INDIRECT table to get the data. It is possible to create a packet which
will lead to an assert message like:
  include/exec/memory.h:1995: void
  address_space_read_cached(MemoryRegionCache *, hwaddr, void *, int):
  Assertion `addr < cache->len && len <= cache->len - addr' failed.
  Aborted
To do it, the first descriptor should have a link to the INDIRECT table
and set the size of it to 0. It doesn't look good that the guest should
be able to trigger the assert in qemu. Add an additional check for the size
of the INDIRECT table, which should not be 0.

Signed-off-by: Dima Stepanov <dimastep@yandex-team.ru>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
2019-02-01 17:30:53 -05:00
..
9pfs xen: re-name XenDevice to XenLegacyDevice... 2019-01-14 13:45:40 +00:00
acpi uuid: Make qemu_uuid_bswap() take and return a QemuUUID 2019-02-01 13:46:45 +01:00
adc
alpha avoid TABs in files that only contain a few 2019-01-11 15:46:56 +01:00
arm arm: Instantiate NRF51 special NVM's and NVMC 2019-02-01 15:32:17 +00:00
audio audio: fix pc speaker init 2019-01-24 13:10:19 +01:00
block Block patches: 2019-01-31 19:26:09 +00:00
bt
char hw/char/stm32f2xx_usart: Do not update data register when device is disabled 2019-01-21 10:23:10 +00:00
core usb: assign unique serial numbers to hid devices 2019-01-30 06:47:52 +01:00
cpu qom/cpu: Add cluster_index to CPUState 2019-01-29 11:46:05 +00:00
cris
display hw/display/milkymist-tmu2: Move inlined code from header to source 2019-02-01 11:58:50 +01:00
dma avoid TABs in files that only contain a few 2019-01-11 15:46:56 +01:00
gpio trace: enforce that every trace-events file has a final newline 2019-01-24 14:16:56 +00:00
hppa
hyperv
i2c arm: Stub out NRF51 TWI magnetometer/accelerometer detection 2019-01-29 11:46:03 +00:00
i386 - add device category (edu, i8042, sd memory card) 2019-01-31 15:40:39 +00:00
ide ide/via: Implement and use native PCI IDE mode 2019-01-25 14:52:12 -05:00
input hw: input: set category of the i8042 device 2019-01-30 10:19:32 +01:00
intc armv7m: Don't assume the NVIC's CPU is CPU 0 2019-02-01 14:55:41 +00:00
ipack
ipmi
isa
lm32 hw/display/milkymist-tmu2: Move inlined code from header to source 2019-02-01 11:58:50 +01:00
m68k
mem memory-device: rewrite address assignment using ranges 2019-01-09 22:09:31 -02:00
microblaze hw/microblaze: s3adsp1800: Create an unimplemented GPIO area 2019-01-22 03:16:32 -08:00
mips ide/via: Rename functions to match device name 2019-01-25 14:52:12 -05:00
misc hw/misc/armsse-cpuid: Implement SSE-200 CPU_IDENTITY register block 2019-02-01 14:55:43 +00:00
moxie trivial: Don't include isa.h if it is not really necessary 2019-01-09 11:24:35 +01:00
net ftgmac100: implement the new MDIO interface on Aspeed SoC 2019-01-21 10:23:11 +00:00
nios2 Support u-boot noload images for arm as used by, NetBSD/evbarm GENERIC kernel. 2019-01-07 15:46:20 +00:00
nvram hw/nvram/nrf51_nvm: Add nRF51 non-volatile memories 2019-02-01 15:31:26 +00:00
openrisc
pci msix: make pba size math more uniform 2019-01-14 19:31:04 -05:00
pci-bridge pci/shpc: perform unplug via the hotplug handler 2018-12-20 11:19:12 -05:00
pci-host pam: wrap MemoryRegion initialization in a transaction 2019-01-11 13:57:23 +01:00
pcmcia
ppc ppc: Move spapr-related prototypes from xics.h into a separate header file 2019-01-22 05:14:33 +01:00
rdma hw/rdma: modify struct initialization 2019-01-19 11:01:33 +02:00
riscv sifive_uart: Implement interrupt pending register 2018-12-20 12:08:43 -08:00
s390x s390x/pci: add common function measurement block 2019-01-18 11:52:01 +01:00
scsi scsi-disk: Add device_id property 2019-02-01 13:48:11 +01:00
sd hw: sd: set category of the sd memory card 2019-01-30 10:24:20 +01:00
sh4 avoid TABs in files that only contain a few 2019-01-11 15:46:56 +01:00
smbios hw/smbios: Move to the hw/firmware/ subdirectory 2018-12-19 16:48:16 -05:00
sparc trivial: Don't include isa.h if it is not really necessary 2019-01-09 11:24:35 +01:00
sparc64
ssi aspeed/smc: snoop SPI transfers to fake dummy cycles 2019-01-29 11:46:05 +00:00
timer trivial: Don't include isa.h if it is not really necessary 2019-01-09 11:24:35 +01:00
tpm tpm: clear RAM when "memory overwrite" requested 2019-01-17 21:10:57 -05:00
tricore
unicore32
usb usb-mtp: replace the homebrew write with qemu_write_full 2019-01-30 06:47:52 +01:00
vfio trace: forbid use of %m in trace event format strings 2019-01-24 14:16:56 +00:00
virtio virtio: add checks for the size of the indirect table 2019-02-01 17:30:53 -05:00
watchdog hw/watchdog/wdt_i6300esb: remove an unnecessary comment 2019-01-11 15:46:55 +01:00
xen xen: automatically create XenBlockDevice-s 2019-01-14 13:45:40 +00:00
xenpv xen: Replace few mentions of xend by libxl 2019-01-14 13:45:40 +00:00
xtensa
Makefile.objs