qemu-e2k/hw/s390x
Carlos López f0d634ea19 virtio: refresh vring region cache after updating a virtqueue size
When a virtqueue size is changed by the guest via
virtio_queue_set_num(), its region cache is not automatically updated.
If the size was increased, this could lead to accessing the cache out
of bounds. For example, in vring_get_used_event():

    static inline uint16_t vring_get_used_event(VirtQueue *vq)
    {
        return vring_avail_ring(vq, vq->vring.num);
    }

    static inline uint16_t vring_avail_ring(VirtQueue *vq, int i)
    {
        VRingMemoryRegionCaches *caches = vring_get_region_caches(vq);
        hwaddr pa = offsetof(VRingAvail, ring[i]);

        if (!caches) {
            return 0;
        }

        return virtio_lduw_phys_cached(vq->vdev, &caches->avail, pa);
    }

vq->vring.num will be greater than caches->avail.len, which will
trigger a failed assertion down the call path of
virtio_lduw_phys_cached().

Fix this by calling virtio_init_region_cache() after
virtio_queue_set_num() if we are not already calling
virtio_queue_set_rings(). In the legacy path this is already done by
virtio_queue_update_rings().

Signed-off-by: Carlos López <clopez@suse.de>
Message-Id: <20230317002749.27379-1-clopez@suse.de>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Acked-by: Halil Pasic <pasic@linux.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-04-21 03:08:21 -04:00
3270-ccw.c
ap-bridge.c
ap-device.c
ccw-device.c
ccw-device.h
css-bridge.c
css.c s390x/css: revert SCSW ctrl/flag bits on error 2022-11-06 12:27:35 +01:00
event-facility.c hw/s390x/event-facility: Replace DO_UPCAST(SCLPEvent) by SCLP_EVENT() 2023-02-14 09:11:27 +01:00
ipl.c
ipl.h s390x: Fix spelling errors 2022-11-16 10:15:26 +01:00
Kconfig
meson.build
pv.c s390x/pv: Add support for asynchronous teardown for reboot 2023-02-27 09:15:39 +01:00
s390-ccw.c
s390-pci-bus.c s390x/pci: reset ISM passthrough devices on shutdown and system reset 2022-12-15 15:02:34 +01:00
s390-pci-inst.c * s390x header clean-ups from Philippe 2023-01-09 15:54:31 +00:00
s390-pci-kvm.c Revert "s390x/s390-virtio-ccw: add zpcii-disable machine property" 2022-11-08 10:10:57 +01:00
s390-pci-vfio.c s390x/pci: reset ISM passthrough devices on shutdown and system reset 2022-12-15 15:02:34 +01:00
s390-skeys-kvm.c
s390-skeys.c
s390-stattrib-kvm.c
s390-stattrib.c migration: Rename res_{postcopy,precopy}_only 2023-02-15 20:04:30 +01:00
s390-virtio-ccw.c s390x/pv: Add support for asynchronous teardown for reboot 2023-02-27 09:15:39 +01:00
s390-virtio-hcall.c
s390-virtio-hcall.h
sclp.c
sclpcpu.c
sclpquiesce.c
tod-kvm.c
tod-tcg.c
tod.c
trace-events
trace.h
vhost-scsi-ccw.c
vhost-user-fs-ccw.c
vhost-vsock-ccw.c
virtio-ccw-9p.c
virtio-ccw-balloon.c
virtio-ccw-blk.c
virtio-ccw-crypto.c
virtio-ccw-gpu.c
virtio-ccw-input.c
virtio-ccw-net.c
virtio-ccw-rng.c
virtio-ccw-scsi.c
virtio-ccw-serial.c Drop duplicate #include 2023-02-08 07:28:05 +01:00
virtio-ccw.c virtio: refresh vring region cache after updating a virtqueue size 2023-04-21 03:08:21 -04:00
virtio-ccw.h