qemu-patch-raspberry4/hw/scsi
Mark Cave-Ayland fbc6510e33 esp: don't overflow cmdfifo in get_cmd()
If the guest tries to read a CDB using DMA and cmdfifo is not empty then it is
possible to overflow cmdfifo.

Since this can only occur by issuing deliberately incorrect instruction
sequences, ensure that the maximum length of the CDB transferred to cmdfifo is
limited to the available free space within cmdfifo.

Buglink: https://bugs.launchpad.net/qemu/+bug/1909247
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20210407195801.685-9-mark.cave-ayland@ilande.co.uk>
2021-04-12 22:35:53 +01:00
emulation.c scsi-generic: avoid invalid access to struct when emulating block limits 2018-11-06 21:35:06 +01:00
esp-pci.c esp: fix setting of ESPState mig_version_id when launching QEMU with -S option 2021-04-12 22:31:24 +01:00
esp.c esp: don't overflow cmdfifo in get_cmd() 2021-04-12 22:35:53 +01:00
Kconfig hw/nvram/Kconfig: Add an entry for the NMC93xx EEPROM 2020-01-07 12:08:39 +01:00
lsi53c895a.c lsilogic: Use PCIDevice::exit instead of DeviceState::unrealize 2021-03-06 11:41:54 +01:00
megasas.c scsi: drop 'result' argument from command_complete callback 2021-02-25 14:14:32 +01:00
meson.build meson: convert hw/scsi 2020-08-21 06:30:28 -04:00
mfi.h Clean up header guards that don't match their file name 2016-07-12 16:19:16 +02:00
mpi.h hw: Add support for LSI SAS1068 (mptsas) device 2016-02-09 15:45:26 +01:00
mptconfig.c nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
mptendian.c nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
mptsas.c scsi: drop 'result' argument from command_complete callback 2021-02-25 14:14:32 +01:00
mptsas.h Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
scsi-bus.c sysemu: Let VMChangeStateHandler take boolean 'running' argument 2021-03-09 23:13:57 +01:00
scsi-disk.c hw/scsi: remove 'scsi-disk' device 2021-03-18 09:22:55 +00:00
scsi-generic.c scsi: move host_status handling into SCSI drivers 2021-03-06 11:42:57 +01:00
spapr_vscsi.c scsi: drop 'result' argument from command_complete callback 2021-02-25 14:14:32 +01:00
srp.h spapr-vscsi: add task management 2013-09-12 08:46:21 +02:00
trace-events esp: add PDMA trace events 2021-03-07 10:39:05 +00:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
vhost-scsi-common.c vhost-scsi: support inflight io track 2020-09-30 19:09:20 +02:00
vhost-scsi.c monitor: Use getter/setter functions for cur_mon 2020-10-09 07:08:19 +02:00
vhost-user-scsi.c qdev: Move softmmu properties to qdev-properties-system.h 2020-12-18 15:20:17 -05:00
viosrp.h hw/scsi/spapr_vscsi: Do not mix SRP IU size with DMA buffer size 2020-03-17 15:08:50 +11:00
virtio-scsi-dataplane.c virtio-scsi: don't process IO on fenced dataplane 2021-02-25 14:14:32 +01:00
virtio-scsi.c scsi: move host_status handling into SCSI drivers 2021-03-06 11:42:57 +01:00
vmw_pvscsi.c scsi: move host_status handling into SCSI drivers 2021-03-06 11:42:57 +01:00
vmw_pvscsi.h scsi: VMWare PVSCSI paravirtual device implementation 2013-04-19 10:44:17 +02:00