Yuval Shaia 06c9bf032f hw/pvrdma: Protect against buggy or malicious guest driver ... Guest driver allocates and initialize page tables to be used as a ring of descriptors for CQ and async events. The page table that represents the ring, along with the number of pages in the page table is passed to the device. Currently our device supports only one page table for a ring. Let's make sure that the number of page table entries the driver reports, do not exceeds the one page table size. Reported-by: Soul Chen <soulchen8650@gmail.com> Signed-off-by: Yuval Shaia <yuval.shaia.ml@gmail.com> Fixes: CVE-2023-1544 Message-ID: <20230301142926.18686-1-yuval.shaia.ml@gmail.com> Signed-off-by: Thomas Huth <thuth@redhat.com> (cherry picked from commit 85fc35afa9) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>		2023-10-21 14:05:14 +03:00
..
vmw	hw/pvrdma: Protect against buggy or malicious guest driver	2023-10-21 14:05:14 +03:00
Kconfig	kconfig: add dependencies on CONFIG_MSI_NONBROKEN	2019-03-18 09:39:57 +01:00
meson.build	meson: convert hw/rdma	2020-08-21 06:30:29 -04:00
rdma.c	{hmp, hw/pvrdma}: Expose device internals via monitor interface	2019-03-16 15:52:44 +02:00
rdma_backend.c	hw/rdma: Replace QList by GQueue	2020-12-19 10:38:43 +01:00
rdma_backend.h	hw/rdma: Skip data-path mr_id translation	2020-03-21 19:16:38 +02:00
rdma_backend_defs.h	hw/rdma: Replace QList by GQueue	2020-12-19 10:38:43 +01:00
rdma_rm.c	qapi: introduce x-query-rdma QMP command	2021-11-02 15:55:14 +00:00
rdma_rm.h	qapi: introduce x-query-rdma QMP command	2021-11-02 15:55:14 +00:00
rdma_rm_defs.h	hw/rdma: Modify create/destroy QP to support SRQ	2019-05-04 15:55:56 +03:00
rdma_utils.c	hw/dma: Use dma_addr_t type definition when relevant	2022-01-18 12:56:29 +01:00
rdma_utils.h	hw/rdma/rdma_utils: Rename rdma_pci_dma_map 'len' argument	2022-01-18 12:56:07 +01:00
trace-events	hw/dma: Fix format string issues using dma_addr_t	2022-01-18 12:56:29 +01:00
trace.h	trace: switch position of headers to what Meson requires	2020-08-21 06:18:24 -04:00