From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: virtio-dev-return-7601-cohuck=redhat.com@lists.oasis-open.org
Sender:
List-Post:
List-Help:
List-Unsubscribe:
List-Subscribe:
Received: from lists.oasis-open.org (oasis-open.org [10.110.1.242]) by lists.oasis-open.org (Postfix) with ESMTP id B0C1E985A1F for ; Mon, 20 Jul 2020 17:51:18 +0000 (UTC)
From: Alexander Duyck
Date: Mon, 20 Jul 2020 10:51:15 -0700
Message-ID: <20200720175115.21935.99563.stgit@localhost.localdomain>
In-Reply-To: <20200720175030.21935.80052.stgit@localhost.localdomain>
References: <20200720175030.21935.80052.stgit@localhost.localdomain>
MIME-Version: 1.0
Subject: [virtio-dev] [PATCH v3 QEMU 1/3] virtio-balloon: Prevent guest from starting a report when we didn't request one
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: david@redhat.com, mst@redhat.com
Cc: virtio-dev@lists.oasis-open.org, qemu-devel@nongnu.org, peter.maydell@linaro.org
List-ID:

From: Alexander Duyck

Based on code review it appears possible for the driver to force the device out of a stopped state when hinting by repeating the last ID it was provided. Prevent this by only allowing a transition to the start state when we are in the requested state. This way the driver is only allowed to send one descriptor that will transition the device into the start state. All others will leave it in the stop state once it has finished.

Fixes: c13c4153f76d ("virtio-balloon: VIRTIO_BALLOON_F_FREE_PAGE_HINT")
Acked-by: David Hildenbrand
Signed-off-by: Alexander Duyck

--- hw/virtio/virtio-balloon.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c index e670f1e59534..ce70adcc6925 100644 --- a/hw/virtio/virtio-balloon.c +++ b/hw/virtio/virtio-balloon.c
@@ -526,7 +526,8 @@ static bool get_free_page_hints(VirtIOBalloon *dev) ret = false; goto out; } - if (id == dev->free_page_report_cmd_id) { + if (dev->free_page_report_status == FREE_PAGE_REPORT_S_REQUESTED && + id == dev->free_page_report_cmd_id) { dev->free_page_report_status = FREE_PAGE_REPORT_S_START; } else { /*
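
Review bot: the new two-line condition in get_free_page_hints() carries no comment explaining why free_page_report_status must be FREE_PAGE_REPORT_S_REQUESTED before a matching id is accepted, so the guard reads as redundant to anyone who has not seen the commit message. A short comment above the `if`, saying that a guest repeating the last command id must not be able to restart a report the device did not request, would keep the check from being simplified away later. A matching id in any other state now falls into the else branch as well, so the comment that opens that branch (only its `/*` is visible in this hunk) should be checked to confirm it still describes every case that reaches it.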