From: "Philippe Mathieu-Daudé" <philmd@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Fam Zheng" <fam@euphon.net>,
qemu-ppc@nongnu.org, "Paolo Bonzini" <pbonzini@redhat.com>,
"Philippe Mathieu-Daudé" <philmd@redhat.com>,
"David Gibson" <david@gibson.dropbear.id.au>
Subject: [PATCH v2 0/5] hw/scsi/spapr_vscsi: Fix time bomb zero-length array use
Date: Thu, 5 Mar 2020 09:31:30 +0100 [thread overview]
Message-ID: <20200305083135.8270-1-philmd@redhat.com> (raw)
This series fixes a dangerous zero-length array use.
Simples patches first to clean the issue in the last patch:
dissociate the buffer holding DMA requests with pointer to
SRP Information Unit packets.
v2: Addressed David Gibson review comments
Philippe Mathieu-Daudé (5):
hw/scsi/viosrp: Add missing 'hw/scsi/srp.h' include
hw/scsi/spapr_vscsi: Use SRP_MAX_IU_LEN instead of sizeof flexible
array
hw/scsi/spapr_vscsi: Simplify a bit
hw/scsi/spapr_vscsi: Introduce req_iu() helper
hw/scsi/spapr_vscsi: Do not mix SRP IU size with DMA buffer size
hw/scsi/viosrp.h | 3 ++-
hw/scsi/spapr_vscsi.c | 59 ++++++++++++++++++++++++-------------------
2 files changed, 35 insertions(+), 27 deletions(-)
--
2.21.1
next reply other threads:[~2020-03-05 8:32 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-05 8:31 Philippe Mathieu-Daudé [this message]
2020-03-05 8:31 ` [MERGED PATCH v2 1/5] hw/scsi/viosrp: Add missing 'hw/scsi/srp.h' include Philippe Mathieu-Daudé
2020-03-05 8:31 ` [MERGED PATCH v2 2/5] hw/scsi/spapr_vscsi: Use SRP_MAX_IU_LEN instead of sizeof flexible array Philippe Mathieu-Daudé
2020-03-05 8:31 ` [MERGED PATCH v2 3/5] hw/scsi/spapr_vscsi: Simplify a bit Philippe Mathieu-Daudé
2020-03-05 8:31 ` [PATCH v2 4/5] hw/scsi/spapr_vscsi: Introduce req_iu() helper Philippe Mathieu-Daudé
2020-03-05 8:31 ` [PATCH v2 5/5] hw/scsi/spapr_vscsi: Do not mix SRP IU size with DMA buffer size Philippe Mathieu-Daudé
2020-03-05 10:27 ` [PATCH v2 0/5] hw/scsi/spapr_vscsi: Fix time bomb zero-length array use Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200305083135.8270-1-philmd@redhat.com \
--to=philmd@redhat.com \
--cc=david@gibson.dropbear.id.au \
--cc=fam@euphon.net \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-ppc@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.