71aed0d95c
- kvm-virtio-net-Add-queues-before-loading-them.patch [RHEL-69477]
- kvm-docs-system-s390x-bootdevices-Update-loadparm-docume.patch [RHEL-68440]
- kvm-docs-system-bootindex-Make-it-clear-that-s390x-can-a.patch [RHEL-68440]
- kvm-hw-s390x-Restrict-loadparm-property-to-devices-that-.patch [RHEL-68440]
- kvm-hw-Add-loadparm-property-to-scsi-disk-devices-for-bo.patch [RHEL-68440]
- kvm-scsi-fix-allocation-for-s390x-loadparm.patch [RHEL-68440]
- kvm-pc-bios-s390x-Initialize-cdrom-type-to-false-for-eac.patch [RHEL-68440]
- kvm-pc-bios-s390x-Initialize-machine-loadparm-before-pro.patch [RHEL-68440]
- kvm-pc-bios-s390-ccw-Re-initialize-receive-queue-index-b.patch [RHEL-68440]
- kvm-vnc-fix-crash-when-no-console-attached.patch [RHEL-61633]
- Resolves: RHEL-69477 (qemu crashed when migrate vm with multiqueue from rhel9.4 to rhel9.6)
- Resolves: RHEL-68440 (The new "boot order" feature is sometimes not working as expected [RHEL 9])
- Resolves: RHEL-61633 (Qemu-kvm crashed if no display device setting and switching display by remote-viewer [rhel-9])
49 lines
1.8 KiB
Diff
From 15f5e84210537514394b18e9dc6c710ad1218ecd Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 19 Nov 2024 22:31:22 +0100
Subject: [PATCH 06/10] scsi: fix allocation for s390x loadparm
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Thomas Huth <thuth@redhat.com>
RH-MergeRequest: 298: [c9s] Fixes for the new s390x "boot order" feature
RH-Jira: RHEL-68440
RH-Acked-by: Cédric Le Goater <clg@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Commit: [5/8] 6a0e420261eb0521d4f979d2a6c250ee4aae7606 (thuth/qemu-kvm-cs9)
Coverity reports a possible buffer overrun due to a non-NUL-terminated
string in scsi_property_set_loadparm(). While things are not so easy,
because qdev_prop_sanitize_s390x_loadparm is designed to operate on a
buffer that is not NUL-terminated, in this case the string *does* have
to be NUL-terminated because it is read by scsi_property_get_loadparm
and s390_build_iplb.
Reviewed-by: jrossi@linux.ibm.com
Cc: thuth@redhat.com
Fixes: 429442e52d9 ("hw: Add "loadparm" property to scsi disk devices for booting on s390x", 2024-11-18)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit b73d7eff1eedb2399cd594bc872d5db13506d951)
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
hw/scsi/scsi-disk.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c
index 7566a5f531..de0c295173 100644
--- a/hw/scsi/scsi-disk.c
+++ b/hw/scsi/scsi-disk.c
@@ -3152,7 +3152,7 @@ static void scsi_property_set_loadparm(Object *obj, const char *value,
return;
}
- lp_str = g_malloc0(strlen(value));
+ lp_str = g_malloc0(strlen(value) + 1);
if (!qdev_prop_sanitize_s390x_loadparm(lp_str, value, errp)) {
g_free(lp_str);
return;
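Review bot: The `+ 1` in the new `g_malloc0(strlen(value) + 1)` line is unexplained at the call site, and the terminator it makes room for is never written explicitly. It exists only because g_malloc0 zero-fills the buffer and because qdev_prop_sanitize_s390x_loadparm, which per the commit message is designed for buffers that are not NUL-terminated, is relied on not to touch that last byte. A one-line comment above the allocation stating that the extra byte is the NUL required by scsi_property_get_loadparm and s390_build_iplb would keep a later switch to g_malloc, or a change in the sanitize helper, from quietly reintroducing the overrun Coverity reported.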
--
2.39.3
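The allocation problem the commit message describes, as an added example that is not part of the patch or of QEMU's code. `sanitize_loadparm` is a simplified, hypothetical stand-in for `qdev_prop_sanitize_s390x_loadparm` (its accepted character set is an assumption), and `calloc` stands in for `g_malloc0`.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for qdev_prop_sanitize_s390x_loadparm: upper-cases
 * and validates `str` into `dst`, writing exactly strlen(str) bytes and no
 * terminator. The accepted character set here is an assumption. */
static int sanitize_loadparm(unsigned char *dst, const char *str)
{
    size_t i, len = strlen(str);

    for (i = 0; i < len; i++) {
        int c = toupper((unsigned char)str[i]);
        if (!isalnum(c) && c != '.' && c != ' ') {
            return 0;                     /* reject invalid character */
        }
        dst[i] = (unsigned char)c;
    }
    return 1;
}

/* Returns 1 if a NUL byte lies inside the allocation after sanitizing,
 * 0 if it does not, -1 on invalid input or allocation failure.
 * extra = 0 models the pre-fix size, extra = 1 the fixed size. */
static int loadparm_is_terminated(const char *value, size_t extra)
{
    size_t cap = strlen(value) + extra;
    unsigned char *lp;
    int found;

    if (cap == 0) {
        return 0;                         /* no room for any terminator */
    }
    lp = calloc(cap, 1);                  /* zero-filled, like g_malloc0 */
    if (!lp) {
        return -1;
    }
    if (!sanitize_loadparm(lp, value)) {
        free(lp);
        return -1;
    }
    /* Search only the bytes we own: a later strlen() on the pre-fix
     * buffer would have to read past them to find a NUL. */
    found = memchr(lp, '\0', cap) != NULL;
    free(lp);
    return found;
}

int main(void)
{
    /* "bootdev1" is a constructed sample value. */
    printf("pre-fix terminated: %d\n", loadparm_is_terminated("bootdev1", 0));
    printf("fixed terminated:   %d\n", loadparm_is_terminated("bootdev1", 1));
    return 0;
}
```

With `extra = 0` every allocated byte is overwritten by sanitized characters, so any consumer that treats the result as a C string reads beyond the heap block.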