ShuriZma
/
xemu
mirror of https://github.com/xemu-project/xemu.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
xemu/hw/virtio
History
Hawkins Jiawei b77a5f22ac vhost: Fix false positive out-of-bounds 
QEMU uses vhost_svq_translate_addr() to translate addresses
between the QEMU's virtual address and the SVQ IOVA. In order
to validate this translation, QEMU checks whether the translated
range falls within the mapped range.

Yet the problem is that, the value of `needle_last`, which is calculated
by `needle.translated_addr + iovec[i].iov_len`, should represent the
exclusive boundary of the translated range, rather than the last
inclusive addresses of the range. Consequently, QEMU fails the check
when the translated range matches the size of the mapped range.

This patch solves this problem by fixing the `needle_last` value to
the last inclusive address of the translated range.

Note that this bug cannot be triggered at the moment, because QEMU
is unable to translate such a big range due to the truncation of
the CVQ command in vhost_vdpa_net_handle_ctrl_avail().

Fixes: 34e3c94eda ("vdpa: Add custom IOTLB translations to SVQ")
Signed-off-by: Hawkins Jiawei <yin31149@gmail.com>
Message-Id: <ee31c5420ffc8e6a29705ddd30badb814ddbae1d.1688743107.git.yin31149@gmail.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 		2023-07-10 18:59:32 -04:00
..
Kconfig hw/virtio: Add boilerplate for vhost-user-scmi device 2023-07-10 16:17:07 -04:00
meson.build hw/virtio: Add vhost-user-scmi-pci boilerplate 2023-07-10 16:17:08 -04:00
trace-events virtio-iommu: Fix 64kB host page size VFIO device assignment 2023-07-10 18:59:32 -04:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
vdpa-dev-pci.c vdpa: add vdpa-dev-pci support 2022-12-21 06:35:28 -05:00
vdpa-dev.c vhost-user: fully use new backend/frontend naming 2023-06-26 09:50:00 -04:00
vhost-backend.c vhost: add method vhost_set_vring_err 2022-06-27 18:53:18 -04:00
vhost-iova-tree.c util: accept iova_tree_remove_parameter by value 2022-09-02 10:22:39 +08:00
vhost-iova-tree.h util: accept iova_tree_remove_parameter by value 2022-09-02 10:22:39 +08:00
vhost-scsi-pci.c hw/virtio: move virtio-pci.h into shared include space 2022-05-16 04:38:40 -04:00
vhost-shadow-virtqueue.c vhost: Fix false positive out-of-bounds 2023-07-10 18:59:32 -04:00
vhost-shadow-virtqueue.h vhost: fix possible wrap in SVQ descriptor ring 2023-05-19 01:36:09 -04:00
vhost-stub.c vhost: register and change IOMMU flag depending on Device-TLB state 2023-07-10 15:07:50 -04:00
vhost-user-blk-pci.c hw/virtio: move virtio-pci.h into shared include space 2022-05-16 04:38:40 -04:00
vhost-user-fs-pci.c hw/virtio: move virtio-pci.h into shared include space 2022-05-16 04:38:40 -04:00
vhost-user-fs.c hw/virtio: fix typo in VIRTIO_CONFIG_IRQ_IDX comments 2023-07-10 18:59:32 -04:00
vhost-user-gpio-pci.c hw/virtio: add vhost-user-gpio-pci boilerplate 2022-10-07 09:41:51 -04:00
vhost-user-gpio.c hw/virtio: fix typo in VIRTIO_CONFIG_IRQ_IDX comments 2023-07-10 18:59:32 -04:00
vhost-user-i2c-pci.c hw/virtio: move virtio-pci.h into shared include space 2022-05-16 04:38:40 -04:00
vhost-user-i2c.c virtio: i2c: Check notifier helpers for VIRTIO_CONFIG_IRQ_IDX 2023-04-24 22:56:55 -04:00
vhost-user-input-pci.c hw/virtio: move virtio-pci.h into shared include space 2022-05-16 04:38:40 -04:00
vhost-user-rng-pci.c hw/virtio: move virtio-pci.h into shared include space 2022-05-16 04:38:40 -04:00
vhost-user-rng.c vhost-user-rng: Back up vqs before cleaning up vhost_dev 2023-03-02 03:10:47 -05:00
vhost-user-scmi-pci.c hw/virtio: Add vhost-user-scmi-pci boilerplate 2023-07-10 16:17:08 -04:00
vhost-user-scmi.c hw/virtio: Add boilerplate for vhost-user-scmi device 2023-07-10 16:17:07 -04:00
vhost-user-scsi-pci.c hw/virtio: move virtio-pci.h into shared include space 2022-05-16 04:38:40 -04:00
vhost-user-vsock-pci.c hw/virtio: move virtio-pci.h into shared include space 2022-05-16 04:38:40 -04:00
vhost-user-vsock.c hw/virtio: introduce virtio_device_should_start 2022-11-07 14:08:18 -05:00
vhost-user.c vhost-user: Make RESET_DEVICE a per device message 2023-07-10 16:17:08 -04:00
vhost-vdpa.c vhost-vdpa: mute unaligned memory error report 2023-07-10 18:59:32 -04:00
vhost-vsock-common.c hw/virtio: fix typo in VIRTIO_CONFIG_IRQ_IDX comments 2023-07-10 18:59:32 -04:00
vhost-vsock-pci.c hw/virtio: move virtio-pci.h into shared include space 2022-05-16 04:38:40 -04:00
vhost-vsock.c hw/virtio: introduce virtio_device_should_start 2022-11-07 14:08:18 -05:00
vhost.c vhost: register and change IOMMU flag depending on Device-TLB state 2023-07-10 15:07:50 -04:00
virtio-9p-pci.c hw/virtio: move virtio-pci.h into shared include space 2022-05-16 04:38:40 -04:00
virtio-balloon-pci.c hw/virtio: move virtio-pci.h into shared include space 2022-05-16 04:38:40 -04:00
virtio-balloon.c hw: replace most qemu_bh_new calls with qemu_bh_new_guarded 2023-04-28 11:31:54 +02:00
virtio-blk-pci.c hw/virtio: move virtio-pci.h into shared include space 2022-05-16 04:38:40 -04:00
virtio-bus.c virtio: stop ioeventfd on reset 2022-06-14 16:50:30 +02:00
virtio-config-io.c hw/virtio: Extract config read/write accessors to virtio-config-io.c 2022-12-21 07:32:24 -05:00
virtio-crypto-pci.c Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
virtio-crypto.c hw/virtio: fix typo in VIRTIO_CONFIG_IRQ_IDX comments 2023-07-10 18:59:32 -04:00
virtio-hmp-cmds.c virtio: Move HMP commands from monitor/ to hw/virtio/ 2023-02-04 07:56:54 +01:00
virtio-input-host-pci.c hw/virtio: move virtio-pci.h into shared include space 2022-05-16 04:38:40 -04:00
virtio-input-pci.c virtio-input-pci: add virtio-multitouch-pci 2023-05-28 13:08:25 +04:00
virtio-iommu-pci.c hw/virtio/virtio-iommu-pci: Enforce the device is plugged on the root bus 2022-11-07 13:12:19 -05:00
virtio-iommu.c virtio-iommu: Rework the traces in virtio_iommu_set_page_size_mask() 2023-07-10 18:59:32 -04:00
virtio-mem-pci.c bulk: Remove pointless QOM casts 2023-06-05 20:48:34 +02:00
virtio-mem-pci.h Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
virtio-mem.c virtio-mem: Simplify bitmap handling and virtio_mem_set_block_state() 2023-06-23 02:54:44 -04:00
virtio-mmio.c virtio: refresh vring region cache after updating a virtqueue size 2023-04-21 03:08:21 -04:00
virtio-net-pci.c hw/virtio: move virtio-pci.h into shared include space 2022-05-16 04:38:40 -04:00
virtio-pci.c virtio-pci: add handling of PCI ATS and Device-TLB enable/disable 2023-05-19 10:30:46 -04:00
virtio-pmem-pci.c bulk: Remove pointless QOM casts 2023-06-05 20:48:34 +02:00
virtio-pmem-pci.h Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
virtio-pmem.c thread-pool: avoid passing the pool parameter every time 2023-04-25 13:17:28 +02:00
virtio-qmp.c vhost-user: fully use new backend/frontend naming 2023-06-26 09:50:00 -04:00
virtio-qmp.h include/hw/virtio: Break inclusion loop 2023-01-08 01:54:22 -05:00
virtio-rng-pci.c virtio-rng-pci: Allow setting nvectors, so we can use MSI-X 2022-11-07 13:12:20 -05:00
virtio-rng.c virtio: drop name parameter for virtio_init() 2022-05-16 04:38:40 -04:00
virtio-scsi-pci.c hw/virtio: move virtio-pci.h into shared include space 2022-05-16 04:38:40 -04:00
virtio-serial-pci.c hw/virtio: move virtio-pci.h into shared include space 2022-05-16 04:38:40 -04:00
virtio-stub.c qmp: add QMP command x-query-virtio-queue-element 2022-10-09 16:38:45 -04:00
virtio.c aio: remove aio_disable_external() API 2023-05-30 17:37:26 +02:00