[Qemu-devel] [PULL 0/1] Input 20180618 patches

[Qemu-devel] [PULL 0/1] Input 20180618 patches

[Gerd Hoffmann]

The following changes since commit 2ef2f16781af9dee6ba6517755e9073ba5799fa2:

  Merge remote-tracking branch 'remotes/dgilbert/tags/pull-migration-20180615a' into staging (2018-06-15 18:13:35 +0100)

are available in the git repository at:

  git://git.kraxel.org/qemu tags/input-20180618-pull-request

for you to fetch changes up to b55a06df4f03f21e8a32e9d067a8a5782ac3ce0d:

  ps2: check PS2Queue wptr pointer in post_load routine (2018-06-18 12:06:45 +0200)

----------------------------------------------------------------
input: ps2 post_load fix.

----------------------------------------------------------------

liujunjie (1):
  ps2: check PS2Queue wptr pointer in post_load routine

 hw/input/ps2.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

-- 
2.9.3

[Qemu-devel] [PULL 1/1] ps2: check PS2Queue wptr pointer in post_load routine

[Gerd Hoffmann]

From: liujunjie <liujunjie23@huawei.com>

In commit 802cbcb7300, most issues have been fixed when qemu guest
migration. But the queue size still need to check whether is equal to
PS2_QUEUE_SIZE. If yes, the wptr should set as 0. Or, wptr would larger
than PS2_QUEUE_SIZE and never come back when ps2_queue_noirq is called.
This could lead to OOB access, add check to avoid it.

Signed-off-by: liujunjie <liujunjie23@huawei.com>
Reviewed-by: Gonglei <arei.gonglei@huawei.com>
Message-id: 20180607080237.12360-1-liujunjie23@huawei.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 hw/input/ps2.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/input/ps2.c b/hw/input/ps2.c
index eeec6180d0..fdfcadf9a1 100644
--- a/hw/input/ps2.c
+++ b/hw/input/ps2.c
@@ -927,7 +927,7 @@ static void ps2_common_post_load(PS2State *s)
 
     /* reset rptr/wptr/count */
     q->rptr = 0;
-    q->wptr = size;
+    q->wptr = (size == PS2_QUEUE_SIZE) ? 0 : size;
     q->count = size;
     s->update_irq(s->update_arg, q->count != 0);
 }
-- 
2.9.3

Re: [Qemu-devel] [PULL 0/1] Input 20180618 patches

[Peter Maydell]

On 18 June 2018 at 11:18, Gerd Hoffmann <kraxel@redhat.com> wrote:
> The following changes since commit 2ef2f16781af9dee6ba6517755e9073ba5799fa2:
>
>   Merge remote-tracking branch 'remotes/dgilbert/tags/pull-migration-20180615a' into staging (2018-06-15 18:13:35 +0100)
>
> are available in the git repository at:
>
>   git://git.kraxel.org/qemu tags/input-20180618-pull-request
>
> for you to fetch changes up to b55a06df4f03f21e8a32e9d067a8a5782ac3ce0d:
>
>   ps2: check PS2Queue wptr pointer in post_load routine (2018-06-18 12:06:45 +0200)
>
> ----------------------------------------------------------------
> input: ps2 post_load fix.
>
> ----------------------------------------------------------------
>
> liujunjie (1):
>   ps2: check PS2Queue wptr pointer in post_load routine
>

Applied, thanks.

-- PMM