qemu/hw
Paolo Bonzini 9bd634b2f5 scsi-generic: fix buffer overflow on block limits inquiry
Using linux 6.x guest, at boot time, an inquiry on a scsi-generic
device makes qemu crash.  This is caused by a buffer overflow when
scsi-generic patches the block limits VPD page.

Do the operations on a temporary on-stack buffer that is guaranteed
to be large enough.

Reported-by: Théo Maillart <tmaillart@freebox.fr>
Analyzed-by: Théo Maillart <tmaillart@freebox.fr>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-18 08:53:51 +02:00
9pfs 9pfs/xen: Fix segfault on shutdown 2023-05-16 16:21:54 +02:00
acpi hw/pci-bridge: Make PCIe and CXL PXB Devices inherit from TYPE_PXB_DEV 2023-04-24 22:56:55 -04:00
adc
alpha
arm hw/arm: Select XLNX_USB_SUBSYS for xlnx-zcu102 machine 2023-05-10 16:02:58 +01:00
audio hw/audio/via-ac97: Basic implementation of audio playback 2023-03-08 00:37:48 +01:00
avr
block virtio-blk: add some trace events for zoned emulation 2023-05-15 08:18:10 -04:00
char hw/riscv: Add signature dump function for spike to run ACT tests 2023-05-05 10:49:50 +10:00
core hw/core: Move machine-qmp-cmds.c into the target independent source set 2023-05-16 09:14:18 +02:00
cpu
cris
cxl hw/pci-bridge: Make PCIe and CXL PXB Devices inherit from TYPE_PXB_DEV 2023-04-24 22:56:55 -04:00
display hw/display/sm501: Remove unneeded increment from loop 2023-05-05 12:34:22 -03:00
dma replace TABs with spaces 2023-03-20 12:43:50 +01:00
gpio replace TABs with spaces 2023-03-20 12:43:50 +01:00
hppa hw/isa: Rename isa_bus_irqs() -> isa_bus_register_input_irqs() 2023-02-27 22:29:02 +01:00
hyperv win32: replace closesocket() with close() wrapper 2023-03-13 15:39:31 +04:00
i2c hw/i2c/allwinner-i2c: Fix subclassing of TYPE_AW_I2C_SUN6I 2023-04-11 14:13:29 +01:00
i386 intel_iommu: refine iotlb hash calculation 2023-04-24 22:56:55 -04:00
ide hw: replace most qemu_bh_new calls with qemu_bh_new_guarded 2023-04-28 11:31:54 +02:00
input replace TABs with spaces 2023-03-20 12:43:50 +01:00
intc hw/intc: Add NULL pointer check on LoongArch ipi device 2023-05-15 19:09:33 +08:00
ipack
ipmi
isa virtio,pc,pci: features, fixes 2023-03-10 14:31:37 +00:00
loongarch hw/loongarch/virt: Set max 256 cpus support on loongarch virt machine 2023-05-15 19:09:33 +08:00
m68k hw: Add compat machines for 8.1 2023-04-21 04:25:52 -04:00
mem virtio-balloon: optimize the virtio-balloon on the ARM platform 2023-04-21 04:25:52 -04:00
microblaze
mips hw/mips/malta: Fix minor dead code issue 2023-05-12 15:43:38 +01:00
misc hw/arm/bcm2835_property: Implement "get command line" message 2023-05-02 15:47:40 +01:00
net hw/net: Move xilinx_ethlite.c to the target-independent source set 2023-05-16 09:14:18 +02:00
nios2
nubus hw/nubus/nubus-device: Fix memory leak in nubus_device_realize 2023-02-27 22:29:01 +01:00
nvme hw: replace most qemu_bh_new calls with qemu_bh_new_guarded 2023-04-28 11:31:54 +02:00
nvram aspeed queue: 2023-03-03 17:11:22 +00:00
openrisc *: Add missing includes of qemu/error-report.h 2023-03-22 15:06:57 +00:00
pci hw/pci-bridge: Fix release ordering by embedding PCIBridgeWindows within PCIBridge 2023-05-16 09:14:18 +02:00
pci-bridge hw/pci-bridge: Make PCIe and CXL PXB Devices inherit from TYPE_PXB_DEV 2023-04-24 22:56:55 -04:00
pci-host raven: disable reentrancy detection for iomem 2023-04-28 11:31:54 +02:00
pcmcia
ppc hw/ppc/Kconfig: NVDIMM is a hard requirement for the pseries machine 2023-05-05 12:34:22 -03:00
rdma hw/rdma: VMW_PVRDMA should depend on VMXNET3_PCI 2023-04-28 08:05:37 +02:00
remote
riscv hw/riscv: Add signature dump function for spike to run ACT tests 2023-05-05 10:49:50 +10:00
rtc replace TABs with spaces 2023-03-20 12:43:50 +01:00
rx
s390x s390x/pv: Fix spurious warning with asynchronous teardown 2023-05-16 09:14:18 +02:00
scsi scsi-generic: fix buffer overflow on block limits inquiry 2023-05-18 08:53:51 +02:00
sd hw/sd/allwinner-sdhost: Correctly byteswap descriptor fields 2023-05-02 15:47:41 +01:00
sensor
sh4 hw/ide/mmio: Extract TYPE_MMIO_IDE declarations to 'hw/ide/mmio.h' 2023-02-27 22:29:02 +01:00
smbios hw/smbios: fix field corruption in type 4 table 2023-03-02 03:10:46 -05:00
sparc
sparc64 pci: avoid accessing slot_reserved_mask directly outside of pci.c 2023-04-21 04:25:52 -04:00
ssi hw/ssi: Fix Linux driver init issue with xilinx_spi 2023-04-03 16:12:30 +01:00
timer hw/timer/imx_epit: fix limit check 2023-04-20 10:21:14 +01:00
tpm tpm: Add support for TPM device over I2C bus 2023-04-20 08:17:15 -04:00
tricore
usb hw/arm: Select XLNX_USB_SUBSYS for xlnx-zcu102 machine 2023-05-10 16:02:58 +01:00
vfio vfio/pci: Static Resizable BAR capability 2023-05-09 09:30:13 -06:00
virtio virtio-blk: add zoned storage emulation for zoned devices 2023-05-15 08:18:10 -04:00
watchdog hw/watchdog: Allwinner WDT emulation for system reset 2023-04-20 10:21:13 +01:00
xen pci: avoid accessing slot_reserved_mask directly outside of pci.c 2023-04-21 04:25:52 -04:00
xenpv hw/xenpv: Initialize Xen backend operations 2023-03-24 14:52:14 +00:00
xtensa
Kconfig xen: add CONFIG_XEN_BUS and CONFIG_XEN_EMU options for Xen emulation 2023-03-01 08:22:49 +00:00
meson.build