Re: [PATCH v4 5/9] pcie_sriov: Validate NumVFs

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v4 5/9] pcie_sriov: Validate NumVFs

From:	Michael Tokarev
Subject:	Re: [PATCH v4 5/9] pcie_sriov: Validate NumVFs
Date:	Wed, 14 Feb 2024 11:58:56 +0300
User-agent:	Mozilla Thunderbird

14.02.2024 08:13, Akihiko Odaki wrote:

The guest may write NumVFs greater than TotalVFs and that can lead
to buffer overflow in VF implementations.


This seems to be stable-worthy (Cc'd), and maybe even CVE-worthy?

Thanks,

/mjt

Fixes: 7c0fa8dff811 ("pcie: Add support for Single Root I/O Virtualization 
(SR/IOV)")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
---
  hw/pci/pcie_sriov.c | 3 +++
  1 file changed, 3 insertions(+)

diff --git a/hw/pci/pcie_sriov.c b/hw/pci/pcie_sriov.c
index a1fe65f5d801..da209b7f47fd 100644
--- a/hw/pci/pcie_sriov.c
+++ b/hw/pci/pcie_sriov.c
@@ -176,6 +176,9 @@ static void register_vfs(PCIDevice *dev)

assert(sriov_cap > 0);

      num_vfs = pci_get_word(dev->config + sriov_cap + PCI_SRIOV_NUM_VF);
+    if (num_vfs > pci_get_word(dev->config + sriov_cap + PCI_SRIOV_TOTAL_VF)) {
+        return;
+    }

dev->exp.sriov_pf.vf = g_new(PCIDevice *, num_vfs);

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v4 1/9] hw/pci: Use -1 as a default value for rombar, (continued)
- [PATCH v4 1/9] hw/pci: Use -1 as a default value for rombar, Akihiko Odaki, 2024/02/14
- [PATCH v4 2/9] hw/pci: Determine if rombar is explicitly enabled, Akihiko Odaki, 2024/02/14
  - Re: [PATCH v4 2/9] hw/pci: Determine if rombar is explicitly enabled, Michael S. Tsirkin, 2024/02/14
- [PATCH v4 3/9] vfio: Avoid inspecting option QDict for rombar, Akihiko Odaki, 2024/02/14
- [PATCH v4 4/9] hw/qdev: Remove opts member, Akihiko Odaki, 2024/02/14
- [PATCH v4 5/9] pcie_sriov: Validate NumVFs, Akihiko Odaki, 2024/02/14
  - Re: [PATCH v4 5/9] pcie_sriov: Validate NumVFs, Michael S. Tsirkin, 2024/02/14
    - Re: [PATCH v4 5/9] pcie_sriov: Validate NumVFs, Akihiko Odaki, 2024/02/14
    - Re: [PATCH v4 5/9] pcie_sriov: Validate NumVFs, Michael S. Tsirkin, 2024/02/14
    - Re: [PATCH v4 5/9] pcie_sriov: Validate NumVFs, Akihiko Odaki, 2024/02/14
  - Re: [PATCH v4 5/9] pcie_sriov: Validate NumVFs, Michael Tokarev <=
    - Re: [PATCH v4 5/9] pcie_sriov: Validate NumVFs, Akihiko Odaki, 2024/02/14
    - Re: [PATCH v4 5/9] pcie_sriov: Validate NumVFs, Michael Tokarev, 2024/02/14
    - Re: [PATCH v4 5/9] pcie_sriov: Validate NumVFs, Michael S. Tsirkin, 2024/02/14
    - Re: [PATCH v4 5/9] pcie_sriov: Validate NumVFs, Akihiko Odaki, 2024/02/17
- [PATCH v4 6/9] pcie_sriov: Reuse SR-IOV VF device instances, Akihiko Odaki, 2024/02/14
  - Re: [PATCH v4 6/9] pcie_sriov: Reuse SR-IOV VF device instances, Michael S. Tsirkin, 2024/02/14
    - Re: [PATCH v4 6/9] pcie_sriov: Reuse SR-IOV VF device instances, Akihiko Odaki, 2024/02/14
- [PATCH v4 8/9] pcie_sriov: Do not reset NumVFs after unregistering VFs, Akihiko Odaki, 2024/02/14
  - Re: [PATCH v4 8/9] pcie_sriov: Do not reset NumVFs after unregistering VFs, Michael S. Tsirkin, 2024/02/14
    - Re: [PATCH v4 8/9] pcie_sriov: Do not reset NumVFs after unregistering VFs, Akihiko Odaki, 2024/02/14

Prev by Date: Re: [PATCH v2 0/3] virt: wire up NS EL2 virtual timer IRQ
Next by Date: Re: [PULL 00/12] Hppa64 patches
Previous by thread: Re: [PATCH v4 5/9] pcie_sriov: Validate NumVFs
Next by thread: Re: [PATCH v4 5/9] pcie_sriov: Validate NumVFs
Index(es):
- Date
- Thread