xemu/hw/cxl
Jonathan Cameron 7edbbff5ee hw/cxl: Check size of input data to dynamic capacity mailbox commands
cxl_cmd_dcd_release_dyn_cap() and cmd_dcd_add_dyn_cap_rsp() are missing
input message size checks.  These must be done in the individual
commands when the command has a variable length input payload.

A buggy or malicious guest might send undersized messages via the mailbox.
As that size is used to take a copy of the mailbox content, each command
must check there is sufficient data. In this case the first check is that
there is enough data to read how many extents there are, and the second
that there is enough for those elements to be accessed.

Reported-by: Esifiel <esifiel@gmail.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20241101133917.27634-2-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2024-11-04 16:03:25 -05:00
Kconfig hw/cxl/component: Introduce CXL components (8.1.x, 8.2.5) 2022-05-13 06:13:35 -04:00
cxl-cdat.c hw/cxl/cxl-cdat: Make cxl_doe_cdat_init() return boolean 2024-04-25 12:48:12 +02:00
cxl-component-utils.c hw/pci-bridge/pxb-cxl: Drop RAS capability from host bridge. 2024-03-12 17:56:55 -04:00
cxl-device-utils.c hw/cxl: Standardize all references on CXL r3.1 and minor updates 2024-02-14 06:09:33 -05:00
cxl-events.c hw/cxl/events: discard all event records during sanitation 2024-07-21 14:31:59 -04:00
cxl-host-stubs.c pci/pci_expander_bridge: For CXL HB delay the HB register memory region setup. 2022-06-09 19:32:49 -04:00
cxl-host.c hw/cxl/cxl-host: Fix segmentation fault when getting cxl-fmw property 2024-07-21 14:31:59 -04:00
cxl-mailbox-utils.c hw/cxl: Check size of input data to dynamic capacity mailbox commands 2024-11-04 16:03:25 -05:00
meson.build meson: remove CONFIG_ALL 2023-12-31 09:11:28 +01:00
switch-mailbox-cci.c hw: Use device_class_set_legacy_reset() instead of opencoding 2024-09-13 15:31:44 +01:00