ShuriZma
/
xemu
mirror of https://github.com/xemu-project/xemu.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
xemu/hw/scsi
History
Paolo Bonzini 61f6b12cf3 scsi-generic: fix buffer overflow on block limits inquiry 
Using linux 6.x guest, at boot time, an inquiry on a scsi-generic
device makes qemu crash.  This is caused by a buffer overflow when
scsi-generic patches the block limits VPD page.

Do the operations on a temporary on-stack buffer that is guaranteed
to be large enough.

Reported-by: Théo Maillart <tmaillart@freebox.fr>
Analyzed-by: Théo Maillart <tmaillart@freebox.fr>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 9bd634b2f5)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
 		2023-05-18 21:10:00 +03:00
..
Kconfig build: move vhost-scsi configuration to Kconfig 2022-05-07 07:46:58 +02:00
emulation.c scsi-generic: avoid invalid access to struct when emulating block limits 2018-11-06 21:35:06 +01:00
esp-pci.c pci: Let pci_dma_rw() take MemTxAttrs argument 2021-12-31 01:05:23 +01:00
esp.c Fix several typos in documentation (found by codespell) 2022-11-11 09:39:25 +01:00
lsi53c895a.c scsi: Use device_cold_reset() and bus_cold_reset() 2022-10-18 13:58:04 +02:00
megasas.c scsi: Use device_cold_reset() and bus_cold_reset() 2022-10-18 13:58:04 +02:00
meson.build meson: convert hw/scsi 2020-08-21 06:30:28 -04:00
mfi.h Fix 'writeable' typos 2022-06-08 19:38:47 +01:00
mpi.h hw: Add support for LSI SAS1068 (mptsas) device 2016-02-09 15:45:26 +01:00
mptconfig.c nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
mptendian.c nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
mptsas.c scsi: Use device_cold_reset() and bus_cold_reset() 2022-10-18 13:58:04 +02:00
mptsas.h mptsas: Remove unused MPTSASState 'pending' field (CVE-2021-3392) 2021-04-19 15:48:12 +01:00
scsi-bus.c virtio-scsi: Send "REPORTED LUNS CHANGED" sense data upon disk hotplug events 2022-10-13 23:38:33 +02:00
scsi-disk.c scsi-disk: support setting CD-ROM block size via device options 2022-10-10 09:23:16 +02:00
scsi-generic.c scsi-generic: fix buffer overflow on block limits inquiry 2023-05-18 21:10:00 +03:00
spapr_vscsi.c scsi: Use device_cold_reset() and bus_cold_reset() 2022-10-18 13:58:04 +02:00
srp.h spapr-vscsi: add task management 2013-09-12 08:46:21 +02:00
trace-events scsi-disk: allow MODE SELECT block descriptor to set the block size 2022-07-13 16:58:58 +02:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
vhost-scsi-common.c vhost: enable vrings in vhost_dev_start() for vhost-user devices 2022-12-01 02:30:04 -05:00
vhost-scsi.c vhost: mask VIRTIO_F_RING_RESET for vhost and vhost-user devices 2022-11-22 05:19:00 -05:00
vhost-user-scsi.c vhost: mask VIRTIO_F_RING_RESET for vhost and vhost-user devices 2022-11-22 05:19:00 -05:00
viosrp.h hw/scsi/spapr_vscsi: Do not mix SRP IU size with DMA buffer size 2020-03-17 15:08:50 +11:00
virtio-scsi-dataplane.c virtio-scsi: fix race in virtio_scsi_dataplane_start() 2022-08-17 07:07:37 -04:00
virtio-scsi.c scsi: Use device_cold_reset() and bus_cold_reset() 2022-10-18 13:58:04 +02:00
vmw_pvscsi.c hw/scsi/vmw_pvscsi.c: Use device_cold_reset() to reset SCSI devices 2022-10-18 13:58:04 +02:00
vmw_pvscsi.h scsi: VMWare PVSCSI paravirtual device implementation 2013-04-19 10:44:17 +02:00