xemu/hw
Prasad J Pandit 7f61f4690d vmw_pvscsi: check page count while initialising descriptor rings
VMware Paravirtual SCSI emulation uses command descriptors to
process SCSI commands. These descriptors come with their ring
buffers. A guest could set the page count for these rings to
an arbitrary value, leading to an infinite loop or OOB access.
Add a check to avoid it.

Reported-by: Tom Victor <vv474172261@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <1472626169-12989-1-git-send-email-ppandit@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-09-13 19:08:46 +02:00
9pfs 9pfs: handle walk of ".." in the root directory 2016-08-30 19:23:00 +01:00
acpi trace-events: fix first line comment in trace-events 2016-08-12 10:36:01 +01:00
alpha trace-events: fix first line comment in trace-events 2016-08-12 10:36:01 +01:00
arm ARM: ACPI: fix the AML ID format for CPU devices 2016-09-06 19:52:17 +01:00
audio portio: keep references on portio 2016-09-08 18:05:21 +04:00
block portio: keep references on portio 2016-09-08 18:05:21 +04:00
bt hw/bt: Don't use cpu_to_*w() and *_to_cpup() 2016-07-12 15:08:53 +01:00
char portio: keep references on portio 2016-09-08 18:05:21 +04:00
core bus: simplify name handling 2016-09-08 18:05:22 +04:00
cpu cpu: Abstract CPU core type 2016-06-17 16:33:48 +10:00
cris cris: Fix broken header guard in hw/cris/boot.h 2016-07-12 16:20:46 +02:00
display virtio-vga: adapt to page-per-vq=off 2016-09-13 09:28:10 +02:00
dma portio: keep references on portio 2016-09-08 18:05:21 +04:00
gpio hw/gpio: QOM'ify zaurus.c 2016-06-14 15:59:13 +01:00
i2c i2c: fix migration regression introduced by broadcast support 2016-08-03 18:44:56 +02:00
i386 pc: Add 2.8 machine 2016-09-09 20:58:34 +03:00
ide portio: keep references on portio 2016-09-08 18:05:21 +04:00
input pc: simplify passing qemu_irq 2016-09-08 18:05:21 +04:00
intc xics_kvm: drop extra checking of kernel_xics_fd 2016-09-07 09:52:14 +10:00
ipack ipack: Update e-mail address 2016-05-18 15:04:27 +03:00
ipmi ipmi: free extern timer 2016-09-08 18:05:22 +04:00
isa portio: keep references on portio 2016-09-08 18:05:21 +04:00
lm32 Clean up decorations and whitespace around header guards 2016-07-12 16:20:46 +02:00
m68k hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
mem nvdimm: fix memory leak in error code path 2016-07-20 19:30:26 +03:00
microblaze Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
mips error: Strip trailing '\n' from error string arguments (again) 2016-08-08 09:00:44 +02:00
misc ppc patch queue for 2016-Sep-7 2016-09-08 11:28:12 +01:00
moxie hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
net spapr: implement H_CHANGE_LOGICAL_LAN_MAC h_call 2016-09-07 12:40:13 +10:00
nvram trace-events: fix first line comment in trace-events 2016-08-12 10:36:01 +01:00
openrisc hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
pci trace-events: fix first line comment in trace-events 2016-08-12 10:36:01 +01:00
pci-bridge hw/pci-bridge: Convert pxb initialization functions to Error 2016-07-29 00:07:09 +03:00
pci-host apb: convert init to realize 2016-07-29 00:07:09 +03:00
pcmcia
ppc hw/ppc: add a ppc_create_page_sizes_prop() helper routine 2016-09-07 12:40:12 +10:00
s390x vhost-vsock: add virtio sockets device 2016-09-10 00:28:08 +03:00
scsi vmw_pvscsi: check page count while initialising descriptor rings 2016-09-13 19:08:46 +02:00
sd sd: free timer 2016-09-08 18:05:22 +04:00
sh4 Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
smbios ipmi: Add SMBIOS table entry 2016-06-24 05:13:57 +03:00
sparc trace-events: fix first line comment in trace-events 2016-08-12 10:36:01 +01:00
sparc64 util: move declarations out of qemu-common.h 2016-03-22 22:20:17 +01:00
ssi ast2400: pretend DMAs are done for U-boot 2016-07-14 16:51:38 +01:00
timer trace-events: fix first line comment in trace-events 2016-08-12 10:36:01 +01:00
tpm Clean up header guards that don't match their file name 2016-07-12 16:19:16 +02:00
tricore hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
unicore32 hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
usb trace-events: fix first line comment in trace-events 2016-08-12 10:36:01 +01:00
vfio trace-events: fix first line comment in trace-events 2016-08-12 10:36:01 +01:00
virtio vhost-vsock: add virtio sockets device 2016-09-10 00:28:08 +03:00
watchdog nmi: remove x86 specific nmi handling 2016-05-23 16:53:46 +02:00
xen Xen: fix converity warning of xen_pt_config_init() 2016-08-12 16:38:18 -07:00
xenpv xen: use a common function for pv and hvm guest backend register calls 2016-08-03 14:52:11 +02:00
xtensa target-xtensa: xtfpga: fix FLASH interface width 2016-07-14 13:59:44 +03:00
Makefile.objs