Mark Cave-Ayland 77668e4b9b esp: restrict non-DMA transfer length to that of available data ... In the case where a SCSI layer transfer is incorrectly terminated, it is possible for a TI command to cause a SCSI buffer overflow due to the expected transfer data length being less than the available data in the FIFO. When this occurs the unsigned async_len variable underflows and becomes a large offset which writes past the end of the allocated SCSI buffer. Restrict the non-DMA transfer length to be the smallest of the expected transfer length and the available FIFO data to ensure that it is no longer possible for the SCSI buffer overflow to occur. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1810 Reviewed-by: Thomas Huth <thuth@redhat.com> Message-ID: <20230913204410.65650-3-mark.cave-ayland@ilande.co.uk> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>		2023-10-03 10:29:39 +02:00
..
9pfs	fsdev: Use ThrottleDirection instread of bool is_write	2023-08-29 10:49:24 +02:00
acpi	hw/other: spelling fixes	2023-09-21 11:31:16 +03:00
adc	meson: Replace softmmu_ss -> system_ss	2023-06-20 10:01:30 +02:00
alpha	hw/alpha: Use MachineClass->default_nic in the alpha machine	2023-05-26 09:10:49 +02:00
arm	sbsa-ref: add non-secure EL2 virtual timer	2023-09-21 16:07:14 +01:00
audio	hw/audio/lm4549: Add errp error reporting to init function	2023-09-22 16:30:07 +02:00
avr	Remove qemu-common.h include from most units	2022-04-06 14:31:55 +02:00
block	hw/other: spelling fixes	2023-09-21 11:31:16 +03:00
char	hw/other: spelling fixes	2023-09-21 11:31:16 +03:00
core	hw/other: spelling fixes	2023-09-21 11:31:16 +03:00
cpu	hw/other: spelling fixes	2023-09-21 11:31:16 +03:00
cris
cxl	hw/cxl: Fix CFMW config memory leak	2023-09-21 11:31:18 +03:00
display	hw/display/xlnx_dp.c: Add audiodev property	2023-09-22 16:30:07 +02:00
dma	hw/other: spelling fixes	2023-09-21 11:31:16 +03:00
gpio	hw/gpio/nrf51: implement DETECT signal	2023-08-22 17:30:59 +01:00
hppa	target/hppa: Report and clear BTLBs via fw_cfg at startup	2023-09-15 17:34:38 +02:00
hyperv	win32: replace closesocket() with close() wrapper	2023-03-13 15:39:31 +04:00
i2c	pm_smbus: rename variable to avoid shadowing	2023-09-26 16:39:20 +02:00
i386	pc_piix: remove pc-i440fx-1.4 up to pc-i440fx-1.7	2023-09-25 18:25:02 +02:00
ide	hw/ide/ahci: fix broken SError handling	2023-09-06 22:48:04 -04:00
input	* add host ticks function for RISC-V	2023-09-25 10:09:38 -04:00
intc	hw/other: spelling fixes	2023-09-21 11:31:16 +03:00
ipack	meson: Replace softmmu_ss -> system_ss	2023-06-20 10:01:30 +02:00
ipmi	hw/other: spelling fixes	2023-09-21 11:31:16 +03:00
isa	hw/isa/vt82c686: Remove via_isa_set_irq()	2023-07-11 00:11:25 +02:00
loongarch	hw/loongarch: Fix ACPI processor id off-by-one error	2023-08-24 16:58:16 +08:00
m68k	hw: Add compat machines for 8.2	2023-08-23 12:06:39 +02:00
mem	hw/mem/cxl_type3: Add missing copyright and license notice	2023-09-21 11:31:18 +03:00
microblaze	trivial: Simplify the spots that use TARGET_BIG_ENDIAN as a numeric value	2023-09-08 13:08:52 +03:00
mips	hw/mips/jazz: Simplify the NIC setup code	2023-09-25 07:58:14 +02:00
misc	hw/other: spelling fixes	2023-09-21 11:31:16 +03:00
net	e1000: remove old compatibility code	2023-09-29 09:33:10 +02:00
nios2	trivial: Simplify the spots that use TARGET_BIG_ENDIAN as a numeric value	2023-09-08 13:08:52 +03:00
nubus	trace-events: Fix the name of the tracing.rst file	2023-09-08 13:08:51 +03:00
nvme	trivial patches for 2023-09-21	2023-09-21 09:32:47 -04:00
nvram	hw/other: spelling fixes	2023-09-21 11:31:16 +03:00
openrisc	*: Add missing includes of qemu/error-report.h	2023-03-22 15:06:57 +00:00
pci	hw/pci: spelling fixes	2023-09-20 07:54:34 +03:00
pci-bridge	hw/pci-bridge/cxl_upstream: Fix bandwidth entry base unit for SSLBIS	2023-09-21 11:31:18 +03:00
pci-host	pc: remove short_root_bus property	2023-09-29 09:33:10 +02:00
pcmcia	meson: Replace softmmu_ss -> system_ss	2023-06-20 10:01:30 +02:00
ppc	ppc: spelling fixes	2023-09-20 07:54:34 +03:00
rdma	meson: Replace softmmu_ss -> system_ss	2023-06-20 10:01:30 +02:00
remote	exec/memory: Add symbol for memory listener priority for device backend	2023-06-28 14:27:59 +02:00
riscv	hw/riscv/virt.c: fix non-KVM --enable-debug build	2023-09-11 11:45:55 +10:00
rtc	hw/other: spelling fixes	2023-09-21 11:31:16 +03:00
rx	hw/other: spelling fixes	2023-09-21 11:31:16 +03:00
s390x	s390x: do a subsystem reset before the unprotect on reboot	2023-09-12 11:13:33 +02:00
scsi	esp: restrict non-DMA transfer length to that of available data	2023-10-03 10:29:39 +02:00
sd	aspeed queue:	2023-09-06 11:14:55 -04:00
sensor	hw/i2c: spelling fixes	2023-08-31 19:47:43 +02:00
sh4	hw/other: spelling fixes	2023-09-21 11:31:16 +03:00
smbios	hw/other: spelling fixes	2023-09-21 11:31:16 +03:00
sparc	other architectures: spelling fixes	2023-07-25 17:14:07 +03:00
sparc64	hw/pci/pci: Remove multifunction parameter from pci_new_multifunction()	2023-07-10 18:59:32 -04:00
ssi	hw/other: spelling fixes	2023-09-21 11:31:16 +03:00
timer	hw/other: spelling fixes	2023-09-21 11:31:16 +03:00
tpm	hw/tpm: spelling fixes	2023-09-20 07:54:34 +03:00
tricore	hw/tricore: fix inclusion of tricore_testboard	2021-07-20 20:10:21 +02:00
ufs	hw/ufs: Support for UFS logical unit	2023-09-07 14:01:29 -04:00
usb	hw/usb/hcd-xhci: Avoid variable-length array in xhci_get_port_bandwidth()	2023-08-31 19:47:43 +02:00
vfio	spapr: Remove support for NVIDIA V100 GPU with NVLink2	2023-09-18 07:25:28 -03:00
virtio	hw/other: spelling fixes	2023-09-21 11:31:16 +03:00
watchdog	meson: Replace softmmu_ss -> system_ss	2023-06-20 10:01:30 +02:00
xen	xen: spelling fix	2023-09-08 13:08:52 +03:00
xenpv	hw/xenpv: Initialize Xen backend operations	2023-03-24 14:52:14 +00:00
xtensa	trivial: Simplify the spots that use TARGET_BIG_ENDIAN as a numeric value	2023-09-08 13:08:52 +03:00
Kconfig	hw/ufs: Initial commit for emulated Universal-Flash-Storage	2023-09-07 14:01:29 -04:00
meson.build	hw/ufs: Initial commit for emulated Universal-Flash-Storage	2023-09-07 14:01:29 -04:00