[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 60/77] virtio-balloon: Prevent guest from starting a report when
From: |
Michael Roth |
Subject: |
[PATCH 60/77] virtio-balloon: Prevent guest from starting a report when we didn't request one |
Date: |
Thu, 3 Sep 2020 15:59:18 -0500 |
From: Alexander Duyck <alexander.h.duyck@linux.intel.com>
Based on code review it appears possible for the driver to force the device
out of a stopped state when hinting by repeating the last ID it was
provided.
Prevent this by only allowing a transition to the start state when we are
in the requested state. This way the driver is only allowed to send one
descriptor that will transition the device into the start state. All others
will leave it in the stop state once it has finished.
Fixes: c13c4153f76d ("virtio-balloon: VIRTIO_BALLOON_F_FREE_PAGE_HINT")
Acked-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Alexander Duyck <alexander.h.duyck@linux.intel.com>
Message-Id: <20200720175115.21935.99563.stgit@localhost.localdomain>
Cc: qemu-stable@nongnu.org
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 20a4da0f23078deeff5ea6d1e12f47d968d7c3c9)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
hw/virtio/virtio-balloon.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
index e20f90dad4..a30a0c7bfa 100644
--- a/hw/virtio/virtio-balloon.c
+++ b/hw/virtio/virtio-balloon.c
@@ -466,7 +466,8 @@ static bool get_free_page_hints(VirtIOBalloon *dev)
ret = false;
goto out;
}
- if (id == dev->free_page_report_cmd_id) {
+ if (dev->free_page_report_status == FREE_PAGE_REPORT_S_REQUESTED &&
+ id == dev->free_page_report_cmd_id) {
dev->free_page_report_status = FREE_PAGE_REPORT_S_START;
} else {
/*
--
2.17.1
- [PATCH 52/77] hw/sd/sdcard: Simplify realize() a bit, (continued)
- [PATCH 52/77] hw/sd/sdcard: Simplify realize() a bit, Michael Roth, 2020/09/03
- [PATCH 51/77] hw/sd/sdcard: Restrict Class 6 commands to SCSD cards, Michael Roth, 2020/09/03
- [PATCH 53/77] hw/sd/sdcard: Do not allow invalid SD card sizes, Michael Roth, 2020/09/03
- [PATCH 54/77] hw/sd/sdcard: Update coding style to make checkpatch.pl happy, Michael Roth, 2020/09/03
- [PATCH 56/77] target/hppa: Free some temps in do_sub, Michael Roth, 2020/09/03
- [PATCH 55/77] hw/sd/sdcard: Do not switch to ReceivingData if address is invalid, Michael Roth, 2020/09/03
- [PATCH 57/77] tpm: tpm_spapr: Exit on TPM backend failures, Michael Roth, 2020/09/03
- [PATCH 59/77] qdev: Fix device_add DRIVER,help to print to monitor, Michael Roth, 2020/09/03
- [PATCH 62/77] virtio-balloon: always indicate S_DONE when migration fails, Michael Roth, 2020/09/03
- [PATCH 58/77] tests: tpm: Skip over pcrUpdateCounter byte in result comparison, Michael Roth, 2020/09/03
- [PATCH 60/77] virtio-balloon: Prevent guest from starting a report when we didn't request one,
Michael Roth <=
- [PATCH 63/77] linux-headers: update against Linux 5.7-rc3, Michael Roth, 2020/09/03
- [PATCH 61/77] virtio-balloon: Add locking to prevent possible race when starting hinting, Michael Roth, 2020/09/03
- [PATCH 71/77] migration/block-dirty-bitmap: fix dirty_bitmap_mig_before_vm_start, Michael Roth, 2020/09/03
- [PATCH 65/77] virtio: list legacy-capable devices, Michael Roth, 2020/09/03
- [PATCH 66/77] virtio: verify that legacy support is not accidentally on, Michael Roth, 2020/09/03
- [PATCH 05/77] net: Do not include a newline in the id of -nic devices, Michael Roth, 2020/09/03
- [PATCH 67/77] intel_iommu: Use correct shift for 256 bits qi descriptor, Michael Roth, 2020/09/03
- [PATCH 69/77] libvhost-user: Report descriptor index on panic, Michael Roth, 2020/09/03
- [PATCH 68/77] virtio-pci: Changed vdev to proxy for VirtIO PCI BAR callbacks., Michael Roth, 2020/09/03