Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
qemu-linux-user.7445
0365-9pfs-fix-off-by-one-error-in-PDU-fr.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0365-9pfs-fix-off-by-one-error-in-PDU-fr.patch of Package qemu-linux-user.7445
From 1bbacd5d0331ec8666e74ff9f213c783185c6751 Mon Sep 17 00:00:00 2001 From: Greg Kurz <groug@kaod.org> Date: Fri, 13 Jan 2017 18:18:20 +0100 Subject: [PATCH] 9pfs: fix off-by-one error in PDU free list The server can handle MAX_REQ - 1 PDUs at a time and the virtio-9p device has a MAX_REQ sized virtqueue. If the client manages to fill up the virtqueue, pdu_alloc() will fail and the request won't be processed without any notice to the client (it actually causes the linux 9p client to hang). This has been there since the beginning (commit 9f10751365b2 "virtio-9p: Add a virtio 9p device to qemu"), but it needs an agressive workload to run in the guest to show up. We actually allocate MAX_REQ PDUs and I see no reason not to link them all into the free list, so let's fix the init loop. Reported-by: Tuomas Tynkkynen <tuomas@tuxera.com> Suggested-by: Al Viro <viro@ZenIV.linux.org.uk> Signed-off-by: Greg Kurz <groug@kaod.org> (cherry picked from commit 0d78289c3dca3de8e614a551a3d4a9415168ace0) [BR: Fix and/or infrastructure for BSC#1020427 CVE-2016-9602] Signed-off-by: Bruce Rogers <brogers@suse.com> --- hw/9pfs/9p.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c index b782d4af6f..3adb942a98 100644 --- a/hw/9pfs/9p.c +++ b/hw/9pfs/9p.c @@ -3286,7 +3286,7 @@ int v9fs_device_realize_common(V9fsState *s, Error **errp) /* initialize pdu allocator */ QLIST_INIT(&s->free_list); QLIST_INIT(&s->active_list); - for (i = 0; i < (MAX_REQ - 1); i++) { + for (i = 0; i < MAX_REQ; i++) { QLIST_INSERT_HEAD(&s->free_list, &s->pdus[i], next); s->pdus[i].s = s; s->pdus[i].idx = i;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor