| 1 | The following changes since commit 64175afc695c0672876fbbfc31b299c86d562cb4: | 1 | The following changes since commit ea9cdbcf3a0b8d5497cddf87990f1b39d8f3bb0a: |
|---|---|---|---|
| 2 | 2 | ||
| 3 | arm_gicv3: Fix ICC_BPR1 reset value when EL3 not implemented (2017-06-07 17:21:44 +0100) | 3 | Merge tag 'hw-misc-20240913' of https://github.com/philmd/qemu into staging (2024-09-15 18:27:40 +0100) |
| 4 | 4 | ||
| 5 | are available in the git repository at: | 5 | are available in the Git repository at: |
| 6 | 6 | ||
| 7 | git://github.com/codyprime/qemu-kvm-jtc.git tags/block-pull-request | 7 | https://gitlab.com/stefanha/qemu.git tags/block-pull-request |
| 8 | 8 | ||
| 9 | for you to fetch changes up to 56faeb9bb6872b3f926b3b3e0452a70beea10af2: | 9 | for you to fetch changes up to 89cd6254b80784a1b3f574407192493ef92fe65f: |
| 10 | 10 | ||
| 11 | block/gluster.c: Handle qdict_array_entries() failure (2017-06-09 08:41:29 -0400) | 11 | hw/block: fix uint32 overflow (2024-09-17 12:12:30 +0200) |
| 12 | 12 | ||
| 13 | ---------------------------------------------------------------- | 13 | ---------------------------------------------------------------- |
| 14 | Gluster patch | 14 | Pull request |
| 15 | |||
| 16 | An integer overflow fix for the last zone on a zoned block device whose | ||
| 17 | capacity is not a multiple of the zone size. | ||
| 18 | |||
| 15 | ---------------------------------------------------------------- | 19 | ---------------------------------------------------------------- |
| 16 | 20 | ||
| 17 | Peter Maydell (1): | 21 | Dmitry Frolov (1): |
| 18 | block/gluster.c: Handle qdict_array_entries() failure | 22 | hw/block: fix uint32 overflow |
| 19 | 23 | ||
| 20 | block/gluster.c | 3 +-- | 24 | hw/block/virtio-blk.c | 2 +- |
| 21 | 1 file changed, 1 insertion(+), 2 deletions(-) | 25 | 1 file changed, 1 insertion(+), 1 deletion(-) |
| 22 | 26 | ||
| 23 | -- | 27 | -- |
| 24 | 2.9.3 | 28 | 2.46.0 |
| 25 | |||
| 26 | diff view generated by jsdifflib |
| 1 | From: Peter Maydell <peter.maydell@linaro.org> | 1 | From: Dmitry Frolov <frolov@swemel.ru> |
|---|---|---|---|
| 2 | 2 | ||
| 3 | In qemu_gluster_parse_json(), the call to qdict_array_entries() | 3 | The product bs->bl.zone_size * (bs->bl.nr_zones - 1) may overflow |
| 4 | could return a negative error code, which we were ignoring | 4 | uint32. |
| 5 | because we assigned the result to an unsigned variable. | ||
| 6 | Fix this by using the 'int' type instead, which matches the | ||
| 7 | return type of qdict_array_entries() and also the type | ||
| 8 | we use for the loop enumeration variable 'i'. | ||
| 9 | 5 | ||
| 10 | (Spotted by Coverity, CID 1360960.) | 6 | Found by Linux Verification Center (linuxtesting.org) with SVACE. |
| 11 | 7 | ||
| 12 | Signed-off-by: Peter Maydell <peter.maydell@linaro.org> | 8 | Signed-off-by: Dmitry Frolov <frolov@swemel.ru> |
| 13 | Reviewed-by: Eric Blake <eblake@redhat.com> | 9 | Message-id: 20240917080356.270576-2-frolov@swemel.ru |
| 14 | Reviewed-by: Jeff Cody <jcody@redhat.com> | 10 | Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> |
| 15 | Message-id: 1496682098-1540-1-git-send-email-peter.maydell@linaro.org | ||
| 16 | Signed-off-by: Jeff Cody <jcody@redhat.com> | ||
| 17 | --- | 11 | --- |
| 18 | block/gluster.c | 3 +-- | 12 | hw/block/virtio-blk.c | 2 +- |
| 19 | 1 file changed, 1 insertion(+), 2 deletions(-) | 13 | 1 file changed, 1 insertion(+), 1 deletion(-) |
| 20 | 14 | ||
| 21 | diff --git a/block/gluster.c b/block/gluster.c | 15 | diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c |
| 22 | index XXXXXXX..XXXXXXX 100644 | 16 | index XXXXXXX..XXXXXXX 100644 |
| 23 | --- a/block/gluster.c | 17 | --- a/hw/block/virtio-blk.c |
| 24 | +++ b/block/gluster.c | 18 | +++ b/hw/block/virtio-blk.c |
| 25 | @@ -XXX,XX +XXX,XX @@ static int qemu_gluster_parse_json(BlockdevOptionsGluster *gconf, | 19 | @@ -XXX,XX +XXX,XX @@ static int virtio_blk_handle_zone_mgmt(VirtIOBlockReq *req, BlockZoneOp op) |
| 26 | Error *local_err = NULL; | 20 | } else { |
| 27 | char *str = NULL; | 21 | if (bs->bl.zone_size > capacity - offset) { |
| 28 | const char *ptr; | 22 | /* The zoned device allows the last smaller zone. */ |
| 29 | - size_t num_servers; | 23 | - len = capacity - bs->bl.zone_size * (bs->bl.nr_zones - 1); |
| 30 | - int i, type; | 24 | + len = capacity - bs->bl.zone_size * (bs->bl.nr_zones - 1ull); |
| 31 | + int i, type, num_servers; | 25 | } else { |
| 32 | 26 | len = bs->bl.zone_size; | |
| 33 | /* create opts info from runtime_json_opts list */ | 27 | } |
| 34 | opts = qemu_opts_create(&runtime_json_opts, NULL, 0, &error_abort); | ||
| 35 | -- | 28 | -- |
| 36 | 2.9.3 | 29 | 2.46.0 |
| 37 | |||
| 38 | diff view generated by jsdifflib |