packages/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
qemu/hw-cxl-Ensure-there-is-enough-data-for-the-header-in.patch
Jiabo Feng f2ed4aa869 QEMU update to version 8.2.0-25: 
- hw/arm/virt:Keep Guest L1 cache type consistent with KVM
- cvm : Add support for TEE-based national encryption acceleration.
- Add virtCCA Coda annotation Adjust the position of the security device
- target/i386: sev: Add support for reuse ASID for different CSV guests
- target/i386: sev: Fix incompatibility between SEV and CSV on the GET_ID API
- hw/cxl: Ensure there is enough data for the header in cmd_ccls_set_lsa()
- hw/pci: Add parenthesis to PCI_BUILD_BDF macro
- hw/audio/hda: free timer on exit
- meson.build: Remove ncurses workaround for OpenBSD
- ui/console-vc: Silence warning about sprintf() on OpenBSD
- ui: remove break after g_assert_not_reached()
- s390x/sclp: Simplify get_sclp_device()
- hw/vfio/hct: qemu startup terminate once error happened in hct
- hw/vfio/hct: fix ccp_index error caused by uninitialized buf
- hw/vfio/hct: update support ccp count to 48.
- hw/vfio: add device hct based on vfio.

Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com>
(cherry picked from commit 702a9cc4e262a50f7aa6f7c9549fbc13d4cd0770)
2024-11-30 11:31:31 +08:00

38 lines
1.3 KiB
Diff
Raw Blame History

From 830009038a73e496598c26679b7e30d7e931a1cf Mon Sep 17 00:00:00 2001
From: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Date: Fri, 1 Nov 2024 13:39:16 +0000
Subject: [PATCH] hw/cxl: Ensure there is enough data for the header in
cmd_ccls_set_lsa()
The properties of the requested set command cannot be established if
len_in is less than the size of the header.
Reported-by: Esifiel <esifiel@gmail.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20241101133917.27634-10-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Zhongrui Tang <tangzhongrui_yewu@cmss.chinamobile.com>
---
hw/cxl/cxl-mailbox-utils.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/cxl/cxl-mailbox-utils.c b/hw/cxl/cxl-mailbox-utils.c
index 6eff56fb1b..9f2304389b 100644
--- a/hw/cxl/cxl-mailbox-utils.c
+++ b/hw/cxl/cxl-mailbox-utils.c
@@ -897,8 +897,8 @@ static CXLRetCode cmd_ccls_set_lsa(const struct cxl_cmd *cmd,
const size_t hdr_len = offsetof(struct set_lsa_pl, data);
*len_out = 0;
- if (!len_in) {
- return CXL_MBOX_SUCCESS;
+ if (len_in < hdr_len) {
+ return CXL_MBOX_INVALID_PAYLOAD_LENGTH;
}
if (set_lsa_payload->offset + len_in > cvc->get_lsa_size(ct3d) + hdr_len) {
--
2.41.0.windows.1
Reference in New Issue View Git Blame Copy Permalink