qemu/hw/scsi
Paolo Bonzini 9bd634b2f5 scsi-generic: fix buffer overflow on block limits inquiry
Using a Linux 6.x guest, at boot time, an inquiry on a scsi-generic
device makes qemu crash.  This is caused by a buffer overflow when
scsi-generic patches the block limits VPD page.

Do the operations on a temporary on-stack buffer that is guaranteed
to be large enough.

Reported-by: Théo Maillart <tmaillart@freebox.fr>
Analyzed-by: Théo Maillart <tmaillart@freebox.fr>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2023-05-18 08:53:51 +02:00
emulation.c scsi-generic: avoid invalid access to struct when emulating block limits 2018-11-06 21:35:06 +01:00
esp-pci.c include/hw/pci: Split pci_device.h off pci.h 2023-01-08 01:54:22 -05:00
esp.c Fix several typos in documentation (found by codespell) 2022-11-11 09:39:25 +01:00
Kconfig build: move vhost-scsi configuration to Kconfig 2022-05-07 07:46:58 +02:00
lsi53c895a.c lsi53c895a: disable reentrancy detection for script RAM 2023-04-28 11:31:54 +02:00
megasas.c scsi: Use device_cold_reset() and bus_cold_reset() 2022-10-18 13:58:04 +02:00
meson.build meson: convert hw/scsi 2020-08-21 06:30:28 -04:00
mfi.h Fix 'writeable' typos 2022-06-08 19:38:47 +01:00
mpi.h
mptconfig.c nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
mptendian.c nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
mptsas.c hw: replace most qemu_bh_new calls with qemu_bh_new_guarded 2023-04-28 11:31:54 +02:00
mptsas.h include/hw/pci: Split pci_device.h off pci.h 2023-01-08 01:54:22 -05:00
scsi-bus.c hw: replace most qemu_bh_new calls with qemu_bh_new_guarded 2023-04-28 11:31:54 +02:00
scsi-disk.c dma-helpers: prevent dma_blk_cb() vs dma_aio_cancel() race 2023-02-23 19:49:35 +01:00
scsi-generic.c scsi-generic: fix buffer overflow on block limits inquiry 2023-05-18 08:53:51 +02:00
spapr_vscsi.c scsi: Use device_cold_reset() and bus_cold_reset() 2022-10-18 13:58:04 +02:00
srp.h
trace-events scsi-disk: allow MODE SELECT block descriptor to set the block size 2022-07-13 16:58:58 +02:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
vhost-scsi-common.c vhost-scsi: fix memleak of vsc->inflight 2023-01-08 01:54:23 -05:00
vhost-scsi.c vhost: mask VIRTIO_F_RING_RESET for vhost and vhost-user devices 2022-11-22 05:19:00 -05:00
vhost-user-scsi.c vhost: mask VIRTIO_F_RING_RESET for vhost and vhost-user devices 2022-11-22 05:19:00 -05:00
viosrp.h Updated the FSF address to <https://www.gnu.org/licenses/> 2023-02-27 09:15:39 +01:00
virtio-scsi-dataplane.c aio-wait: avoid AioContext lock in aio_wait_bh_oneshot() 2023-05-10 14:15:13 +02:00
virtio-scsi.c virtio-scsi: reset SCSI devices from main loop thread 2023-02-23 19:49:35 +01:00
vmw_pvscsi.c hw: replace most qemu_bh_new calls with qemu_bh_new_guarded 2023-04-28 11:31:54 +02:00
vmw_pvscsi.h