From nobody Sun Apr 12 00:57:44 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=linaro.org ARC-Seal: i=1; a=rsa-sha256; t=1771580513; cv=none; d=zohomail.com; s=zohoarc; b=Y5Ar4HN63lKKL0ZbS8+vdvI1HNYhVyGk34f2y2WAGUlXgV6b98KJ7a/0ZaMvfa1FWr4uUzUlBfAFhGfDIr4xJx21cvijSzszLchAXjhfqhhpBLg2uFt+DM3ejvyNt2c8ndM8mIO20ObipJILWlR5DU1pFdZ6lVCdSAYzIPKrHho= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1771580513; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=SlpIs7HxvpNUl6SGlFxac68GQUrChL5tt4rCQDRBkQw=; b=aVPy0McXknAvShXVFnycHfMA+cTGG5Ne8OQCvrzb9CACgWTo2di8OOc98NaS5/kTns9P7g4P7ZE0MMZA8JVZbYILqISKiiO2qzMVJKIUcf9/xUwykY3Z0B2npeI4PUz4uFGeEAUil3icQRmIaDJBJGqEimVGcsvGDsz5nn/NfpM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1771580513406734.9785899977196; Fri, 20 Feb 2026 01:41:53 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtN0z-0007rI-Ja; Fri, 20 Feb 2026 04:41:38 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtN0P-0007gu-Oy for qemu-devel@nongnu.org; Fri, 20 Feb 2026 04:41:03 -0500 Received: from mail-wm1-x32b.google.com ([2a00:1450:4864:20::32b]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1vtN0N-0006LX-Hv for qemu-devel@nongnu.org; Fri, 20 Feb 2026 04:41:01 -0500 Received: by mail-wm1-x32b.google.com with SMTP id 5b1f17b1804b1-4836f363d0dso15682665e9.3 for ; Fri, 20 Feb 2026 01:40:59 -0800 (PST) Received: from [127.0.1.1] (ppp-2-86-215-248.home.otenet.gr. [2.86.215.248]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-43796a5ac87sm58432818f8f.3.2026.02.20.01.40.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 20 Feb 2026 01:40:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1771580458; x=1772185258; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=SlpIs7HxvpNUl6SGlFxac68GQUrChL5tt4rCQDRBkQw=; b=r/Kq//95bu0wOM5QnA4R8NyX3nhpr2/RaMUedvnXU5vL0v0E83l3ypjiyEEcXUcDr2 0SHtsQCIpLBYZaNa5iqEAxD9gbGV4U1AcWG200xz+JO5Z4cmk9GgDXZRzhoqPu0srgrB gdNKmxImHVk0Ks7zfKsk7mS0iyICbTykfSKJIa2afwaT0TimSOLyy9ljG+a7s5cyJHYo ggI5jZRu1+FL2oe2pPTETYDAPcd+r4QiwsaIwKlP5OBqjH6NjXXv4cCxB/NV4zPGdj43 i6ABcB0q8WGIcjzbP9fRSPQv0+U2x1vChrwV/qvLJXAPD9YM0EcT7nnZi/LLkrLznqCO d+eA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771580458; x=1772185258; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=SlpIs7HxvpNUl6SGlFxac68GQUrChL5tt4rCQDRBkQw=; b=LPwmw0vOjossJbI5dHMUk5iDZOC1+tfavJvIIb22xqM3PukjfypoFCAkZIdrlOWyik EwM9/rpm8g5kt+icg+MWZBTuMUo9hNOplpCjOYi669gcD8cghvb30W1TuRfaQNOb4OyR UU+4cD6/gQ3tdCWkS4GhufinIqXOZX362QZZMQy67Ab03kZhbxqXHyHPx8avVTIkZlJi rNsRBkBguBhTA1vwcTnVl68ljDB6nIbmv5eul+KFwPG7VWhPBR4AuguAjG0ssEdDiDoY eca8HXyL4HfzU0l2hkXqQKQwpO19beOFpegCGZnfi/fpXsCUr//KlhRudY+L8aSBe+qW rLVw== X-Gm-Message-State: AOJu0YyUmVYAQ4hZkuFo6jF/ZOQUiQVKjqPK7NTQRG28JKIw/u0R/eXu +EqiUJaijA45gzumEyHle0zT/Y0n8ycAlheKYMPKOCNsacQzR3bMgzkPO11n09JGbX8= X-Gm-Gg: AZuq6aLDN6Ubuss2Jq0IedKmEkrG14az1eeXrlFr0TnsUMjNj6AzFaD268H3ZOLQl7q Dn47MCdcQSu6ngapoMC21TSd6sby24zPJkQawyiAvX58RLu7KYACTNZBFots2KqWExLwaaPlupf DjFX4WOZDM5Du+vHhKOCrrCtpi9IOXXeAcP6eHGqG54ez8z+SiV53WgE9a7wj2GldbRKbXKGrHr zLZzANqSaskLVJr+LiWJWJdjShL5YQz6ohUdtrA66o1KA8L38HnTAtUnxn24Smix5SSQIH/SocT N4jaaDKDSQLh+1l8f8rGG0H9qxW6H9RNlP4lQVVDIhQmz44XSyFLw6rZGl9HVGsxKJWcyCC+7Ha NS83obkuA6x/oDuQIzWpcdXyrMEzVKqemgOniLcyMFRxPaAfonNPR/aRKZReIw7a5X4zZlqdSWj wPQH/w3iSrWsIArSU8LrvbzRXBpxFKvMZJzxlJYV13iW+kzuIpDrnQGu2tOvsZ2KgfoW8SWeI7s XCJ86ug2riqLGuXfBlNMKdcIp9BzOJpHvCk0s0= X-Received: by 2002:a05:600c:6389:b0:477:7af8:c8ad with SMTP id 5b1f17b1804b1-48379c1f4d3mr396805725e9.31.1771580457961; Fri, 20 Feb 2026 01:40:57 -0800 (PST) From: Manos Pitsidianakis Date: Fri, 20 Feb 2026 11:40:12 +0200 Subject: [PATCH 1/5] MAINTAINERS: add me as maintainer to virtio-snd MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260220-virtio-snd-series-v1-1-207c4f7200a2@linaro.org> References: <20260220-virtio-snd-series-v1-0-207c4f7200a2@linaro.org> In-Reply-To: <20260220-virtio-snd-series-v1-0-207c4f7200a2@linaro.org> To: qemu-devel@nongnu.org Cc: "Michael S. Tsirkin" , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , Gerd Hoffmann , Manos Pitsidianakis X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=679; i=manos.pitsidianakis@linaro.org; h=from:subject:message-id; bh=IWq8DZoGv+eVxDl5bZ7ougnypMGJjby3X1fmxpbt+B8=; b=LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tCgpvd0VCYlFLUy9aQU5Bd0FLQVhjcHgzQi9mZ 25RQWNzbVlnQnBtQ3duUFQ2NWF3RGVOK0FCejVhTDRNMXhxK3p1CnE5RWtGSmxBeE5lbXhLa3or NXFKQWpNRUFBRUtBQjBXSVFUTVhCdE9SS0JXODRkd0hSQjNLY2R3ZjM0SjBBVUMKYVpnc0p3QUt DUkIzS2Nkd2YzNEowRnVVRUFDVHo3NVRyRjdocmFqMWlrSlhhZitTOWd5TEIvN3RPVis4LytKSQ phQU9hV0l4c3ZVVjJxQUpNbUFyR0kzNjVPMzFJdU0vOUFaa0IyMnhMM3VJdFlmWTA5eVFZbVNJO DFXVERsczdiCnJHVDlRUWNtY1k3LzhOUDIwWFYzaFZHSGdCbUt0c1ZxR2hRczVieW1uVFlQVUVo dHA4cnh6bUE2SXhiRUhiSksKMUR3cUlnYWltd1lGdEF0TFQzY0djZlhGTmdsYjQveW5qcXR6Sjh uUUtyRTNxbm1YQWppUjJPelBqOEdOTmFudgpUNTdPTG5QUHB2R3RKU1pJOE5nTnpteVFjQ3pXbn NJNlpGS0R5ZFUwNHVHYUE2THNBUm82ODJZVVU3RG1GbXIxCm8wM290WFRvRzlIak9kdzRaWER6R GlPV2J4UGJ4KzFXdFJPUFRqWFBlY010cEdlYmpHUTErNWZvT3dYWVBNZFEKTnpvOCtLbUV4d01x K2ZEVkNQTTlLQklteG5oZ3QySWdzNnBla2Rjd2c4WVgyYWRXamViKzhPQ3B6eTVNV3ZHTApOb2M 2ZGVDUkVqTVFFT3ZPN1ErYkRZOHVld29WQUd3MzdITUdtVjNHREowV0tFcEdVSVBLMTE0d3FIYW YwT1EvCkxvU2IxYmN3Njdta001ekNzSEZxbWxMWjJIYWF1ZTZIN0J1TzBpVUMvempJTm1CT1RRK 0tUWU9SMHNFNTdiNkgKQ0pnMy8wbVl5b1EyWDFXOUlsZVdXQldkZmN6UGtwbE93Sk83MDk1aVlS SzVPcWl6QzNsS05Nc29OTWRqcDdsZQpuc2tSSjlkblZkK0VaNmVIZkJ2a2JxU1hxZjlQWlk4YWZ jUi9ERjhhbHVnWTJ0MVBNN25kRVY2NEplaDZqcEZ5Cmt5QUNKQT09Cj16SE83Ci0tLS0tRU5EIF BHUCBNRVNTQUdFLS0tLS0K X-Developer-Key: i=manos.pitsidianakis@linaro.org; a=openpgp; fpr=7C721DF9DB3CC7182311C0BF68BC211D47B421E1 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::32b; envelope-from=manos.pitsidianakis@linaro.org; helo=mail-wm1-x32b.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @linaro.org) X-ZM-MESSAGEID: 1771580514660154100 Cc: "Michael S. Tsirkin" Signed-off-by: Manos Pitsidianakis Reviewed-by: Alex Benn=C3=A9e --- MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index e0c481e2125d81298a52caf7f7b51c3e4f026d85..63231747b0692f764b51bf36797= cff3e9849e1a2 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -2601,7 +2601,7 @@ F: include/hw/virtio/virtio-mem.h =20 virtio-snd M: Gerd Hoffmann -R: Manos Pitsidianakis +M: Manos Pitsidianakis S: Supported F: hw/audio/virtio-snd.c F: hw/audio/virtio-snd-pci.c --=20 2.47.3 From nobody Sun Apr 12 00:57:44 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=linaro.org ARC-Seal: i=1; a=rsa-sha256; t=1771580511; cv=none; d=zohomail.com; s=zohoarc; b=mT67ldqjruF/QEfPocTPOfKoPgPg6iwb3IaLy0cw69mF+OhXBbcUv9odz8/UxB0G5uPSZCL1QrgDV6vrkkwJ7xmC2YBcHAY+ZK4amXa2Jcv48IUBKtjMjEzKePlreXmCvjhkvJDc5O4eWMAjL+NM/FvqrT1sB+kXQOHSIB2pHKE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1771580511; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=SIJ/aOmBJLiUk8hgsB8l2oViBbvawbOAhl3S0dnBdUI=; b=dGOdrNWVh2TN2iOiTlLmPX+MSNqByCsgxw7RD9N71h21HvDzjsAGkSru/nqgt5hMxMwHmoNuyT9l0oW9ngnMkDohcohbbOKXscB8iwl6/UsVL3uLnOhxcgL+/romCiNeZfvGhdwqSpuEaHyjdxHh3LQH8J/HP5tThNfaAza1FDk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1771580511855294.93504315285054; Fri, 20 Feb 2026 01:41:51 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtN0g-0007kR-Ke; Fri, 20 Feb 2026 04:41:22 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtN0R-0007hB-Cd for qemu-devel@nongnu.org; Fri, 20 Feb 2026 04:41:03 -0500 Received: from mail-wm1-x333.google.com ([2a00:1450:4864:20::333]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1vtN0P-0006Lh-9I for qemu-devel@nongnu.org; Fri, 20 Feb 2026 04:41:02 -0500 Received: by mail-wm1-x333.google.com with SMTP id 5b1f17b1804b1-48336a6e932so11895055e9.3 for ; Fri, 20 Feb 2026 01:41:00 -0800 (PST) Received: from [127.0.1.1] (ppp-2-86-215-248.home.otenet.gr. [2.86.215.248]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-43796a5ac87sm58432818f8f.3.2026.02.20.01.40.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 20 Feb 2026 01:40:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1771580459; x=1772185259; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=SIJ/aOmBJLiUk8hgsB8l2oViBbvawbOAhl3S0dnBdUI=; b=o8Y/kj0cHhg1qmY7S9+4gvgVFByf2doI/UnF4HMQOExUWDhrHx1WQNFO47ZJ2vcaDR IC9/h7HVEttMVG6UJcjkKgEMjFl1avvT7OQYd9jrMt1YGLKCItXVBIT4g2fE7dByetAk j4W1aU/2tyCy6zV35YRxgMBtJwmViNPufG6vYA3BRW6ol29LUuWPl8UiBQgUQV4Aw9Yt mDhs1VcJ3JibGpucyywWa4HKS7kRPopUApgLYMQEDW0OD5qKX50Gx0P2WWEZg2EU/hUb Uuh3a+cSwt0y4NZ/Q4av76DktXy0W83SfWcLNILi/7VI+uuoMxPn8r7vCAMgaWNI0VtU qXVg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771580459; x=1772185259; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=SIJ/aOmBJLiUk8hgsB8l2oViBbvawbOAhl3S0dnBdUI=; b=DwJoMXEcL3nenM/HodZ8+T3t76TOR4vqm2yTb1Qkgvjk7KAFoPbK/6bQmUvTnM3wst 02Z9Fhw+OLpsQnvD8RX27InY01EE8+5W928S84JBtWCqjJkvmywXcU/rpRmOH7auW5p/ MoMtuBkFUTjBxha86ii5aXhgNb4aAcfuf57FdtuZx7DSSICJO31qJVh+MDkga/nNDUQ+ YmJBIWMZ2CvB/TKzgKYaMEtjvISG1je7vhx/aLP7B4dCcWC5hcdjFOZdWjLrR5TdWj9T Zz9pfyhWmxgAus3F+wAzhCAUJcVgR2ZWFp+rL1lCeu+fhVFJZs7cFMtjcbdcW4pW2SAW SQxg== X-Gm-Message-State: AOJu0YwgdmE8teoVvXTuVs1eiLtpAjpRjSsXzvXwBOCXzzS3Z9WuEBtt JpBUhO3OY5VtI5hrhx5hJAbLgcqeMB75KPuuKLdYmWPciw6z23TeezfxsoF8OQco/50= X-Gm-Gg: AZuq6aLhwcYCaySTvJmVIa4sh39q7fnteCXRZpqaT27Z3As3luItJrQd45GUsfiWbTA ZvMIQbEWiozOJG28Z7banKGbD13lB+/nW7xs9TP9q7+WG+FvPq+cG80N21lS1AKDsN2HU5pX7GP aRlsxZa8P6blOmS8M6ZjO4xgPa+gmLsLIM8Zo3lR8dqLpvXQN1YWOKUbG0zKdmb1FdtUJsKfkER mmsrvtKtqKv0ZouVq8giRtJmLwOMEepNZjDH8ulmxa1KzKdK2uFcLfiehGeFgPb6+smQ4J+tthc zInRjP372VdDKIRa4E3YmsPlnqvF4V/mbXW3Z8eedIb4jsNBoZdaFaXUdgJZmOkvKAfNmQmfe01 cVneJ36SkO+bsUY+CHvXGvdiWW0mySp3vLjnUvZg20niXeRPL593KMt0eYV7XwupMHhiR58dUu2 hDmQOC2JMKq20ejgSmzsBx9tW5ID7oD72HYbrGezzmlbgxqzD7KdHcazyUoLvBw2a7JZ2nj3AWB bUv+RscJ11qyBkB9IsZp4NAjtOT6KlC5VEzVEbhFQiHZ/Tt0w== X-Received: by 2002:a05:600c:4454:b0:483:7432:a761 with SMTP id 5b1f17b1804b1-48379be8ec0mr371974035e9.24.1771580458784; Fri, 20 Feb 2026 01:40:58 -0800 (PST) From: Manos Pitsidianakis Date: Fri, 20 Feb 2026 11:40:13 +0200 Subject: [PATCH 2/5] virtio-snd: remove TODO comments MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260220-virtio-snd-series-v1-2-207c4f7200a2@linaro.org> References: <20260220-virtio-snd-series-v1-0-207c4f7200a2@linaro.org> In-Reply-To: <20260220-virtio-snd-series-v1-0-207c4f7200a2@linaro.org> To: qemu-devel@nongnu.org Cc: "Michael S. Tsirkin" , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , Gerd Hoffmann , Manos Pitsidianakis X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=3727; i=manos.pitsidianakis@linaro.org; h=from:subject:message-id; bh=F4m41JzkxYeW6cKRPP2AdaRHCDLj58SlDviQ6p93058=; b=LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tCgpvd0VCYlFLUy9aQU5Bd0FLQVhjcHgzQi9mZ 25RQWNzbVlnQnBtQ3duVXMzNFdsOHhTM1lzckFsa2pZV1BmUloyCjVjSlRxUVRDSkpRQVRFTm02 TkNKQWpNRUFBRUtBQjBXSVFUTVhCdE9SS0JXODRkd0hSQjNLY2R3ZjM0SjBBVUMKYVpnc0p3QUt DUkIzS2Nkd2YzNEowQ3ZXRC85aExlNzRsZWdKZlFhZ2xmYWdJK0NNektLWGsxZmFmVk0wK0h4Rw o2NTkyNVZ2cG1ZRklEa2VwYktudUxYdllTenZYaW9rMHg3aDNKZW1BTmE5eDVoRkNHT3Naa2ZhU nVOOEdtRkVVCngzTHB5YSthcExjNkV0eDdCMEJJKy9aVStkUmNvODhoRHQ1SzNUdWtZSjc0d1BI d3hKcWFXZDBZc3FpTjJHekEKZUtVQ3UrMnk1eWk5bGU0TnRlNUIvSktSYjhBOUErQys2eVp6VDZ TS1lGY0k4S2ZiM0x2NDJqMXZlV3p3a3J1TQpnWDNHeXdQM0JzajROTkRPQkxlakRzMUFFMlo0Yz krenI5TjN6TEkxdW1OQnltMWFyTnYyUVlqaU1rSDZhWHBwCmUvUzFCa3N6eVJDb0NhUnJvS2pEa FpkbE4zR1ZGSks3eUtuZlhsdTY5V0VWSURxc0didHZpZ3BBL1B6ZUtUeWUKSDhqeTNYU0NBck0r eHdyUFFZZ1RFWXR2bGMydXdpaDRsTGZSZlZOTTBhcHg3Y3R6ZE96ajhpZ29rNlVLYmZaNQoxRHg 5TVJMNEJlTFdnaHN6MXJwQjhMREFHbWFXUjRiTi8rV0FKY2lpazV1TjVRYmNyWmhobGxheHcrak tiVlFjCitEQjZDVHNCbWlEZ3VVdTV6OFZhK2pqZGJoTGViTkFEcTB1MHBuWkN1TVdvMTVueTNnZ mo4WnN0WFpkVUpHREsKMzB0eDV5SjhBdmZBbEM5Z2tiU290STE1TFc4YUVPbEttRHV3MzNPejFw S05aSDlZMXFGMkQxWmIzQjhhSXN6YwpRengwYWVaS1pSRU9kMHFnUUd3ZXBrenVhbWdyVnMzbTV qcC9jOXRRVGVNVE1OdDFHamtCb1ZJWVYrUllocUw4ClhDUlljdz09Cj1OWlVECi0tLS0tRU5EIF BHUCBNRVNTQUdFLS0tLS0K X-Developer-Key: i=manos.pitsidianakis@linaro.org; a=openpgp; fpr=7C721DF9DB3CC7182311C0BF68BC211D47B421E1 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::333; envelope-from=manos.pitsidianakis@linaro.org; helo=mail-wm1-x333.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @linaro.org) X-ZM-MESSAGEID: 1771580513106154100 Replying with a VIRTIO_SND_S_BAD_MSG error does not warrant a device reset. Instead, a device reset happens when the driver requests it from the transport. Signed-off-by: Manos Pitsidianakis --- hw/audio/virtio-snd.c | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/hw/audio/virtio-snd.c b/hw/audio/virtio-snd.c index 9101560f3879761d99b2dc97e48864958edfb3bf..fd03efc12043b67bc6f3a16315d= 2bcc46ddbe990 100644 --- a/hw/audio/virtio-snd.c +++ b/hw/audio/virtio-snd.c @@ -168,9 +168,6 @@ static void virtio_snd_handle_pcm_info(VirtIOSound *s, sizeof(virtio_snd_query_info)); =20 if (msg_sz !=3D sizeof(virtio_snd_query_info)) { - /* - * TODO: do we need to set DEVICE_NEEDS_RESET? - */ qemu_log_mask(LOG_GUEST_ERROR, "%s: virtio-snd command size incorrect %zu vs \ %zu\n", __func__, msg_sz, sizeof(virtio_snd_query_info)); @@ -184,9 +181,6 @@ static void virtio_snd_handle_pcm_info(VirtIOSound *s, =20 if (iov_size(cmd->elem->in_sg, cmd->elem->in_num) < sizeof(virtio_snd_hdr) + size * count) { - /* - * TODO: do we need to set DEVICE_NEEDS_RESET? - */ error_report("pcm info: buffer too small, got: %zu, needed: %zu", iov_size(cmd->elem->in_sg, cmd->elem->in_num), sizeof(virtio_snd_pcm_info)); @@ -244,9 +238,6 @@ uint32_t virtio_snd_set_pcm_params(VirtIOSound *s, virtio_snd_pcm_set_params *st_params; =20 if (stream_id >=3D s->snd_conf.streams || s->pcm->pcm_params =3D=3D NU= LL) { - /* - * TODO: do we need to set DEVICE_NEEDS_RESET? - */ virtio_error(VIRTIO_DEVICE(s), "Streams have not been initialized.= \n"); return cpu_to_le32(VIRTIO_SND_S_BAD_MSG); } @@ -297,9 +288,6 @@ static void virtio_snd_handle_pcm_set_params(VirtIOSoun= d *s, sizeof(virtio_snd_pcm_set_params)); =20 if (msg_sz !=3D sizeof(virtio_snd_pcm_set_params)) { - /* - * TODO: do we need to set DEVICE_NEEDS_RESET? - */ qemu_log_mask(LOG_GUEST_ERROR, "%s: virtio-snd command size incorrect %zu vs \ %zu\n", __func__, msg_sz, sizeof(virtio_snd_pcm_set_params= )); @@ -609,9 +597,6 @@ static void virtio_snd_handle_pcm_release(VirtIOSound *= s, sizeof(stream_id)); =20 if (msg_sz !=3D sizeof(stream_id)) { - /* - * TODO: do we need to set DEVICE_NEEDS_RESET? - */ qemu_log_mask(LOG_GUEST_ERROR, "%s: virtio-snd command size incorrect %zu vs \ %zu\n", __func__, msg_sz, sizeof(stream_id)); @@ -623,9 +608,6 @@ static void virtio_snd_handle_pcm_release(VirtIOSound *= s, trace_virtio_snd_handle_pcm_release(stream_id); stream =3D virtio_snd_pcm_get_stream(s, stream_id); if (stream =3D=3D NULL) { - /* - * TODO: do we need to set DEVICE_NEEDS_RESET? - */ error_report("already released stream %"PRIu32, stream_id); virtio_error(VIRTIO_DEVICE(s), "already released stream %"PRIu32, @@ -668,9 +650,6 @@ process_cmd(VirtIOSound *s, virtio_snd_ctrl_command *cm= d) sizeof(virtio_snd_hdr)); =20 if (msg_sz !=3D sizeof(virtio_snd_hdr)) { - /* - * TODO: do we need to set DEVICE_NEEDS_RESET? - */ qemu_log_mask(LOG_GUEST_ERROR, "%s: virtio-snd command size incorrect %zu vs \ %zu\n", __func__, msg_sz, sizeof(virtio_snd_hdr)); --=20 2.47.3 From nobody Sun Apr 12 00:57:44 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=linaro.org ARC-Seal: i=1; a=rsa-sha256; t=1771580568; cv=none; d=zohomail.com; s=zohoarc; b=HDSFPn/XMUWJlABi017SbrBJ8E5zCuV4hPntNm3bhac/+Tg1nJQq9gvBcLngtIRUvrYHS7J7ZH5GUl9+Ow1jAEwHYrWqr3ySCeWQFpUT0GmmCSnztriUlKpN7fsdBwDstGZQDO+mkxuJg+nEaahhjnVJ7lVcLjEgrnLXjNCJH4Q= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1771580568; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=4YOqswzMlCNxwAWAnFKNUGVfGL/ym7Dl2W+MaYaNx24=; b=OouFjxvOmfNmVwFgZF24t5UpbY4oy+h1d2M2wRzi8AxBXuVTLMEjLsIQCjEXCcDpo4YfXztHIHFCR170YhnDLwShbAiXYzU774JZwG7fz8N4WjRNFz327SAYAkzeG/ik0CtH7162LYDXgiEK8pNrjN8wxJRWkdTbCdVhMWNokRs= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1771580568244951.9893330960602; Fri, 20 Feb 2026 01:42:48 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtN0d-0007kE-IM; Fri, 20 Feb 2026 04:41:15 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtN0R-0007hC-D6 for qemu-devel@nongnu.org; Fri, 20 Feb 2026 04:41:03 -0500 Received: from mail-wr1-x42d.google.com ([2a00:1450:4864:20::42d]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1vtN0P-0006Ly-HL for qemu-devel@nongnu.org; Fri, 20 Feb 2026 04:41:03 -0500 Received: by mail-wr1-x42d.google.com with SMTP id ffacd0b85a97d-436309f1ad7so1360137f8f.3 for ; Fri, 20 Feb 2026 01:41:01 -0800 (PST) Received: from [127.0.1.1] (ppp-2-86-215-248.home.otenet.gr. [2.86.215.248]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-43796a5ac87sm58432818f8f.3.2026.02.20.01.40.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 20 Feb 2026 01:40:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1771580460; x=1772185260; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=4YOqswzMlCNxwAWAnFKNUGVfGL/ym7Dl2W+MaYaNx24=; b=A48eDQ7FgnW/k/C8nc3KvB3CE0720q8sOgMJ+YdgvkZOXaxR68L/WeKFJtpJcIYUlr BM7VShoQ3DYzVLQGNt7Isr0dUb6UrPznvtvWq+Pt6ZZPefr0lwPtURp5DhybEAyw3sD8 tT807NHs+7/WEC+RCqPJwqj6cWrESfvlXM7BDpYdr7habJODYnE8U+JOkRz5SOrGvGPj 32GxT5SQEQivuUCSPl4S/bdtrExOkoUR/cPiLH/GshvhKbJuMJW1POhJTON9LN6oWbzh yFeVAlRs+KxEDUroTetkoamogcoZ3ohPDGP8oCR5480aUESQm97P3OY/4aBfaOU5ZeQi dDmg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771580460; x=1772185260; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=4YOqswzMlCNxwAWAnFKNUGVfGL/ym7Dl2W+MaYaNx24=; b=H6y+Wf6b30/6OyBHKn97Zs8iZ/EG/kMn7EDlKHmSwn/jJa0Jile/D4uEi5Z6JoRHtF VxHzLF1h5IaEsl2F9xG7q/fI+b0CAvCkqWH4sig3Ql0Zuc+uScaMDdFgOxws3zVMooaQ 1B45LrLJj6E/d3ajcJ8X7D23Hw8ErYZQH+t5HE2gRVWkDjOG7FZRLLBWRxL5yFON5ZNl j/I+JI6TyOVXwSaXXp+4YH0wzoenm9T3CKAqHrZDrbRNiYB1zLPGOpOiJff1TeroYucH qcBaAy8iTn6xDt1wZ3Wy0Vk/xsgpo5TK4hikntO6/lllvMXv5CVJ4LM8GZSkYCssHY2z 5rVg== X-Gm-Message-State: AOJu0YwcpVP0v2E+EsrzB5qxbDJGf73S/w2qbApK5pNwsldu0zRkzmBj MlhU3ElNk3xtdmFFu0iDbXvEoRnhCw4HrU61begtaLFDEjJ8pgEtjdVnD1KCxq9nBxs= X-Gm-Gg: AZuq6aLiHBPQrdOrybL4sEuDhwOSyqWqM5eQoBIejIxtbDnkYyDZHMT4YDEDvUTtNzA jYl2q+VsjxKXVMOsfajfYuIZ6NdTJzUgWeHFlmOHAJLEf+duivX/YSNpF0RLBzSgIMy3VWx7etL 0s8PjARgXxeDugycfcmXRaymBgek9THbS7q8dYaHxcDVNoqIUsElbNkrq72qLZowQaXhyahbvR1 jFMxTYQx4UQCiVFc3GEJaYVBCZRKhTZFhHjj1LnQ0kGCJ9ZnUnBhPbpzvRJubYEwXSxiwyWxFDi GDSGcxRK6FvI6oAeNuXLM9m31/fce3irbDqH4vae3WMWVTHKgVSyJiKFCrsBx+8IWxki7sLwV1Q xlo8P+BLdIc/C504aH6e5pvXUs9QWr+UeftiCsJIC0y1ScJywL8BiMAWiR7lCKOAUKsG4ZusyhD 7DUqCl5JHoN0F+E4hMEyXlr+zrJ7V+5L9UITilR0JvjxZRX6BqOkuvUUTDaUx82lCDMKnK/xIDo 3b05StvcIdWcjoAAF1ZVK1qj3UlAUg9261S1Q0= X-Received: by 2002:a05:6000:200d:b0:437:673f:e069 with SMTP id ffacd0b85a97d-4379dbb0ba8mr34868797f8f.59.1771580459875; Fri, 20 Feb 2026 01:40:59 -0800 (PST) From: Manos Pitsidianakis Date: Fri, 20 Feb 2026 11:40:14 +0200 Subject: [PATCH 3/5] virtio-snd: handle 5.14.6.2 for PCM_INFO properly MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260220-virtio-snd-series-v1-3-207c4f7200a2@linaro.org> References: <20260220-virtio-snd-series-v1-0-207c4f7200a2@linaro.org> In-Reply-To: <20260220-virtio-snd-series-v1-0-207c4f7200a2@linaro.org> To: qemu-devel@nongnu.org Cc: "Michael S. Tsirkin" , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , Gerd Hoffmann , Manos Pitsidianakis , qemu-stable@nongnu.org, =?utf-8?q?=E7=BD=97=E9=93=AD=E6=BA=90?= X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=3420; i=manos.pitsidianakis@linaro.org; h=from:subject:message-id; bh=eIDOkQYI5WtmiaHhWjG4FMdUEZV9lpcnfdevuvn+qwA=; b=LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tCgpvd0VCYlFLUy9aQU5Bd0FLQVhjcHgzQi9mZ 25RQWNzbVlnQnBtQ3duR1RxMjgxTXVEMDdkZDFrbXg4VnMycGxBCmlJeEg2clZDTmFaT3ZiMEh3 OG1KQWpNRUFBRUtBQjBXSVFUTVhCdE9SS0JXODRkd0hSQjNLY2R3ZjM0SjBBVUMKYVpnc0p3QUt DUkIzS2Nkd2YzNEowSC9kRUFDTVROQ0prcTdHbWxSOTAzS3FUaXV5TkRDVXZaRmM4K3ZRbHFJSg pqZ1pJRFlEbjZHWmlraEcydFBmdFFvTFJBS3VRSWNFaU96TjQ3OGR5em13SlJCaGpieXJGTitud Etya0pYVkh6CmkxVDlLVmUweFR4VVRqUzRrTHBQaVZnekc4aXhHdjdNSytETitva0I4THpLVVc5 UG9RejFMUmNRbDhnZFNqNXIKVERWRDNpcjhiWm1RUWluWEZtUDlYeW5DTHJhc2FhZGV0K1JINmh ZbnVGdGlLL3ZPOUJTdU54NnBwZDdBZHJubgpZUWtoRlhtbHdHb0IwTEgyb09LOFVRUnIzRld4Un hIMEFaTDdnZU1MU0ZNR2YwTmtrZzJmY1pFdWNEMVVmbmtaCmsyTVlNc3dZY1UvRGdac3B1T0c4Q 0N6K1ZvNlVKbjU1aGlzWHpkTlVwQWE4OE5zL3J2dUdLQjR2WlhlK3JwZFkKOUFTTkRXUUY5V2lP aWZjbVNDNkJmYytNU0YzcmV1U2VmMElpSlNzbTdqclRNUDFPaEpySmpObGZjd0p4VTBVcwpSSlg 2WE1SeTZPY3BNbGZvcnhjMGprZ0tPVkI4VlJhei9oZkdsMW9BTUhtWmdyZnE2UFNna2tQNlpEWT VpVmNqCkFaMTVGcUxlSmdhMWcvT3I4RVU3S2w3d1VZaWd5Z2hSQXdvZzI4ZzBtN0RPNTVvQTdvS VdsMXpOcFA3SkJtcmIKcHl0bDRnQW84V2ZGR2pKZjc2Lzk4SGE2WFg4VkxqUkFCMDEyWkRPYkpJ TTJZZm5FaEZzU1ZXdGJVbkc5UFFLMwpUZVhyR3J5clVhcjJKbUVrQ256aVZQWmJtVlpKSS94dUF QQ0hxN3JuS2xoZGwyUU82THZKWkhsbTNYTzQ5cW1aCjV4MG1Pdz09Cj1oZSt2Ci0tLS0tRU5EIF BHUCBNRVNTQUdFLS0tLS0K X-Developer-Key: i=manos.pitsidianakis@linaro.org; a=openpgp; fpr=7C721DF9DB3CC7182311C0BF68BC211D47B421E1 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::42d; envelope-from=manos.pitsidianakis@linaro.org; helo=mail-wr1-x42d.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @linaro.org) X-ZM-MESSAGEID: 1771580569726158500 The section 5.14.6.2 of the VIRTIO spec says: 5.14.6.2 Driver Requirements: Item Information Request - The driver MUST NOT set start_id and count such that start_id + count is greater than the total number of particular items that is indicated in the device configuration space. - The driver MUST provide a buffer of sizeof(struct virtio_snd_hdr) + count * size bytes for the response. While we performed some check for the second requirement, it failed to check for integer overflow. Add also a check for the first requirement, which should limit exposure to any overflow, since realistically the number of streams will be low enough in value such that overflow is improbable. Cc: qemu-stable@nongnu.org Reported-by: "=E7=BD=97=E9=93=AD=E6=BA=90" Signed-off-by: Manos Pitsidianakis --- hw/audio/virtio-snd.c | 31 +++++++++++++++++++++++++++---- 1 file changed, 27 insertions(+), 4 deletions(-) diff --git a/hw/audio/virtio-snd.c b/hw/audio/virtio-snd.c index fd03efc12043b67bc6f3a16315d2bcc46ddbe990..e9c24d679538f0d375c7da05a83= 6833b0897f698 100644 --- a/hw/audio/virtio-snd.c +++ b/hw/audio/virtio-snd.c @@ -156,7 +156,7 @@ static virtio_snd_pcm_set_params *virtio_snd_pcm_get_pa= rams(VirtIOSound *s, static void virtio_snd_handle_pcm_info(VirtIOSound *s, virtio_snd_ctrl_command *cmd) { - uint32_t stream_id, start_id, count, size; + uint32_t stream_id, start_id, count, size, tmp; virtio_snd_pcm_info val; virtio_snd_query_info req; VirtIOSoundPCMStream *stream =3D NULL; @@ -179,11 +179,34 @@ static void virtio_snd_handle_pcm_info(VirtIOSound *s, count =3D le32_to_cpu(req.count); size =3D le32_to_cpu(req.size); =20 - if (iov_size(cmd->elem->in_sg, cmd->elem->in_num) < - sizeof(virtio_snd_hdr) + size * count) { + /* + * 5.14.6.2 Driver Requirements: Item Information Request + * "The driver MUST NOT set start_id and count such that start_id + co= unt + * is greater than the total number of particular items that is indica= ted + * in the device configuration space." + */ + if (start_id > s->snd_conf.streams + || !g_uint_checked_add(&tmp, start_id, count) + || start_id + count > s->snd_conf.streams) { + error_report("pcm info: start_id + count is greater than the total= " + "number of streams, got: start_id =3D %u, count =3D %= u", + start_id, count); + cmd->resp.code =3D cpu_to_le32(VIRTIO_SND_S_BAD_MSG); + return; + } + + /* + * 5.14.6.2 Driver Requirements: Item Information Request + * "The driver MUST provide a buffer of sizeof(struct virtio_snd_hdr) + + * count * size bytes for the response." + */ + if (!g_uint_checked_mul(&tmp, size, count) + || !g_uint_checked_add(&tmp, tmp, sizeof(virtio_snd_hdr)) + || iov_size(cmd->elem->in_sg, cmd->elem->in_num) < + sizeof(virtio_snd_hdr) + size * count) { error_report("pcm info: buffer too small, got: %zu, needed: %zu", iov_size(cmd->elem->in_sg, cmd->elem->in_num), - sizeof(virtio_snd_pcm_info)); + sizeof(virtio_snd_pcm_info) * count); cmd->resp.code =3D cpu_to_le32(VIRTIO_SND_S_BAD_MSG); return; } --=20 2.47.3 From nobody Sun Apr 12 00:57:44 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=linaro.org ARC-Seal: i=1; a=rsa-sha256; t=1771580577; cv=none; d=zohomail.com; s=zohoarc; b=HXt83w1AXUxCGDh/w+sv7IxMtZ8Av6qHs1+WA9d+8MR/5eWenD3bP0dKplmbLqLhA6yU2+ZcoK+pzzME0Mm26rC7+Lhu5uIBSrRim47tQK7iQq7egVZAHy/bZfsnp1klY+MhZ9ifQbR7eVEVBAsJV5E4qMy9xJyxu4auXsTyGTU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1771580577; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=oDGEMbC7gxzBCAplw3R3Fio+DNYrc5dde7dLf/vEK3g=; b=CVqEMywkmTtMrEbSkbsAaw7to0buW+cd+RSCeVz0RSNqRGThrxMsAboZHReiyE3yRb+78ducDtmVirfdv98Rw94WbmAxW9XnZEXbJuzWG8bJzGpoLSw7zpcMgTmi3QeEYLRCvubPlvYIxrzOjxDDCzoR1geFhXo9VPw24ULUZFw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1771580577478411.50144079923984; Fri, 20 Feb 2026 01:42:57 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtN11-0007xY-Jy; Fri, 20 Feb 2026 04:41:39 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtN0S-0007hu-Jf for qemu-devel@nongnu.org; Fri, 20 Feb 2026 04:41:04 -0500 Received: from mail-wr1-x431.google.com ([2a00:1450:4864:20::431]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1vtN0Q-0006MM-Jl for qemu-devel@nongnu.org; Fri, 20 Feb 2026 04:41:04 -0500 Received: by mail-wr1-x431.google.com with SMTP id ffacd0b85a97d-436e87589e8so1873961f8f.3 for ; Fri, 20 Feb 2026 01:41:02 -0800 (PST) Received: from [127.0.1.1] (ppp-2-86-215-248.home.otenet.gr. [2.86.215.248]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-43796a5ac87sm58432818f8f.3.2026.02.20.01.41.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 20 Feb 2026 01:41:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1771580461; x=1772185261; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=oDGEMbC7gxzBCAplw3R3Fio+DNYrc5dde7dLf/vEK3g=; b=wgEwu+u3DkO5ZcZsP5/1UoCDy4XoudSXVTGADeJ1a4koou8e2P0D1VbHaKNinfjY1j l72oAm4xyBwFCDkT5CW5BNMO1Ty7RffSGHcuH/32FH8O29VQwzBaKwK/J/icIs6Ttcxl YGj5YI3WW54mOJHYpWKobavk2xKf7w57omjXVF34BZ/1B2TPPwW65OJEbckvIVx1MIcR rsGuIu8gjJwA6r2KOcjEVvUcF/vFW/2AdeGoIyDiE18EPXQhtjZ7UCC6BxawSyTTALMR mqk04+MpCxopSGp3R4RozpvaQCseMSY5vqlWBUKuD6VFDOWyMMBCTTJzV+qkBwfTcL00 2ACw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771580461; x=1772185261; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=oDGEMbC7gxzBCAplw3R3Fio+DNYrc5dde7dLf/vEK3g=; b=vPLt61TWwjegJwUABUm8TR02NN3jjUd/WBC2S96BLvOU7WNBBDGi/piNtzXZYKEWrt SY/4LqGtBAjPYXcqB/jqJCo2hBF3gZFCoC7zj1CpLQ80uYQYDPU3kWAd5LalbSLOCRq8 bRUT/jSBQhUvQqxqWZJYGsNJx0jWR1hp3SPiT4/U0bGsLFdjp7VhTl3XUSJW2W8KCxSr AaYMBf1IkckRqpp5Vj/Q3BJUCa6n6hjpQbodxj5RXaWFvQHPiVqOeDb6wohWe3sFv6br W7OSyiD5tyY/eQ1OIwPmg0YG6kwhOaeg40IR0nkFdKdbTBaBHGprvcu/K4SrkqTmm3SL xddg== X-Gm-Message-State: AOJu0Yzq9EAeVzmaMGHHdA1LVhuuC+Q5ydjLNQB9JOxQ7hvmvjkk4Trb RkJfwMwDL7d/gEq3aLIbp5V2XFKH4VpTNnuILEQXawkWJdea4M0ztA4C/Zpalo1xuNs= X-Gm-Gg: AZuq6aKxisGbhkua3zoZ/V+WPdfALWVGeYiNLJz6Gmoy1jQbbQ4G2IRrziRAZMcr3r4 p9YAkCf5NErvyokZfYxGjgu4YbYDJbTfpCjKAOVfk3zEY3o9FqpAgfvOGJnRCeVNyoknMeX7LLL keSxcdcpkSXLYxZcR7B0BwAPYe3RIdnmDZwnH20UgRA67346P9kIJVgejua6o/lCbGWyiZ0fi0f MWaa0jt/b0iQKstPLd5YGo/o+vtM2QFoFbPQlO/GukHyNz9vGypc+OullrhtarIOSrhClV2Padk G/3puPFavhKgebuwuL8S7KNf+ghVC3ioKMIF2i3h8FNgpbsm0fZehLhtWiOPYlfVFz0s9NoUxpx Byd27qLs8qtlCTHBqB/e/YWCkQxXKB2XA1DXZc2MUg5uTFGjKZVcGqDgJADXQAIfj6NJcjyOMqs 2rBHW7HgW+aBDKK1XHw+OqPrR2vcukX6CmMKpRNs6YJoH49/CEt8QB66W/nP2uefkY6tQy48jqQ zzTdvBvy5dIKtRLzW04g9e9UIDahbFuDAHzSUY= X-Received: by 2002:a05:6000:240f:b0:437:8fc0:87d3 with SMTP id ffacd0b85a97d-4396b08fa4amr2004733f8f.35.1771580460932; Fri, 20 Feb 2026 01:41:00 -0800 (PST) From: Manos Pitsidianakis Date: Fri, 20 Feb 2026 11:40:15 +0200 Subject: [PATCH 4/5] virtio-snd: fix max_size bounds check in input cb MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260220-virtio-snd-series-v1-4-207c4f7200a2@linaro.org> References: <20260220-virtio-snd-series-v1-0-207c4f7200a2@linaro.org> In-Reply-To: <20260220-virtio-snd-series-v1-0-207c4f7200a2@linaro.org> To: qemu-devel@nongnu.org Cc: "Michael S. Tsirkin" , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , Gerd Hoffmann , Manos Pitsidianakis , qemu-stable@nongnu.org, DARKNAVY X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1448; i=manos.pitsidianakis@linaro.org; h=from:subject:message-id; bh=+nx2QrnlRIm3S/jbuxu8fqDVQkgNviNcgiwjLhvkTyM=; b=LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tCgpvd0VCYlFLUy9aQU5Bd0FLQVhjcHgzQi9mZ 25RQWNzbVlnQnBtQ3dua0V1WVFKVWExdk5BSy9IZlhDVTFNb20zCjQ3MVd2Si9zSEdzWjg1NzdJ T0dKQWpNRUFBRUtBQjBXSVFUTVhCdE9SS0JXODRkd0hSQjNLY2R3ZjM0SjBBVUMKYVpnc0p3QUt DUkIzS2Nkd2YzNEowSjkrRC80aG1Fb1JBOWUvL2FNR2drQWI0dEVXejhIRTZhZWZERXNDdlpzUg pTSVI5RE0yNHVjeDBYNDVVb0c0MHVTSWFlL0NnNi9vbzBxcVFCRktUU21ZUjdBZUFwbTN2dmhCM Et1WnZjdk00Ck5oWEh2UlI1WmVqRlNHR0dtV2FWdzlsZEhwU1VjSzAyNGZxMkFDR1l5Uk5GOWJj WnB1Ni9OMlRncmUxWWxKTFoKNm14UXgxbGZIazc0MkVmb0x6blBsUElFMThBenJ3R21aMXhVN3p EL2trcHpBUWM2dFZQZEFudFRNdUVBSExlVgo0K2gxQ2ZLZ0c0aVZ6aGIybUZlVDlKRjNZd21ZUy 9lVDRzQk9Bc1VXTFlBNitRUTN3b2x4cXBwV0hhTkNDWEZCClN4NWx6b01keGtMLzM5QVlSYmxvR np1OEVPTzVLZEpiTFc4UTk1U2ZYdnp5WEM2Vm1ZUFZvendyZU1MN1BXV0IKQ2VzYjV3SGZaT2FM eVBydmtxKzA0MTdPVTRxVFJ0NzJaUWRnYjBHM2ZBdGpJQ09JOTRBazlBQjdtMmhsZmVDYQpNdmk xQ0l6YW0wY2g3SlNCSUhDaHJjRzQ5N01YSkxVRjExTWJ0QllXY3dGVHVUWHhwL0pBUEhNL203N1 k4YWtMCkJkQm1KMVZOQ0tWUFc5UlZqK0lua0Q5TnE4RDEwOVJkUC8xc0RYRjk4Y0hoZkZtOE9jS kJSOFM1Q0JvUEEzd3QKMEc5QmtqaVg0ektpQ1JUZHFIb2RaMUhVb09MaTcxK1NnWEJnd0pZcGdq bnBINHZqdmtSMzMzdUZXVEdnbTBkQwoySTdzbFdmWHBpSEVDL2luMFVOVnBSMUQvcTI0T2tiY2F oZzkrdm5EVnRIeldIR0l6WUpUK0FUNHZXWDZCQTZWCjIyeUZxZz09Cj1wYWJUCi0tLS0tRU5EIF BHUCBNRVNTQUdFLS0tLS0K X-Developer-Key: i=manos.pitsidianakis@linaro.org; a=openpgp; fpr=7C721DF9DB3CC7182311C0BF68BC211D47B421E1 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::431; envelope-from=manos.pitsidianakis@linaro.org; helo=mail-wr1-x431.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @linaro.org) X-ZM-MESSAGEID: 1771580579699158500 In 98e77e3d we calculated the max size and checked that each buffer is smal= ler than it. We neglected to subtract the size of the virtio_snd_pcm_status header from the max size, and max_size was thus larger than the correct value, leading to potential OOB writes. If the buffer cannot fit the header or can fit only the header, return the buffer immediately. Cc: qemu-stable@nongnu.org Fixes: 98e77e3dd8dd6e7aa9a7dffa60f49c8c8a49d4e3 ("virtio-snd: add max size = bounds check in input cb") Reported-by: DARKNAVY Signed-off-by: Manos Pitsidianakis --- hw/audio/virtio-snd.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hw/audio/virtio-snd.c b/hw/audio/virtio-snd.c index e9c24d679538f0d375c7da05a836833b0897f698..3437211f7904ac77265d8ace8c1= a5a582c0be96d 100644 --- a/hw/audio/virtio-snd.c +++ b/hw/audio/virtio-snd.c @@ -1255,6 +1255,12 @@ static void virtio_snd_pcm_in_cb(void *data, int ava= ilable) } =20 max_size =3D iov_size(buffer->elem->in_sg, buffer->elem->in_nu= m); + if (max_size <=3D sizeof(virtio_snd_pcm_status)) { + return_rx_buffer(stream, buffer); + continue; + } + max_size -=3D sizeof(virtio_snd_pcm_status); + for (;;) { if (buffer->size >=3D max_size) { return_rx_buffer(stream, buffer); --=20 2.47.3 From nobody Sun Apr 12 00:57:44 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=linaro.org ARC-Seal: i=1; a=rsa-sha256; t=1771580567; cv=none; d=zohomail.com; s=zohoarc; b=E5I5g2vy9DU2h5E6wW9UACBhnESxc2Dy3K1hLdhELQ9lv5Qm4/6jyoJfAu3DLwEBpMPLdehHhijoYQPtThdWLYv+wRAs/iT9ziPFelhNH17bIj7gfX8x7MRos9nz2dUihbGXh+WVkKI9xlAi3VSWkUgXdeIAHbLzqlRDi3sAsd8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1771580567; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=B0IRzPWtqyZ5uN2/UAwNr0qfK9GFEvq8f/l9vnG82Uc=; b=VKVRPtOZIcURWjEW9vgq7fDL1Q5Q2sF+r6Qcnk0C+Q3WmboDV4zVXN7uk+4AhW7xWINnxJWnFZkM3OVFBS+o2HFeB/BI5wFGcbG7URp23w9t35NjZirN5rHT/y/wOn8DdrHbJZbWykP5fyfaUEcRv3mzNU9KzT3zVc+EOeRsQvk= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1771580567003942.8832519071426; Fri, 20 Feb 2026 01:42:47 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vtN11-0007xQ-Eg; Fri, 20 Feb 2026 04:41:39 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vtN0T-0007ib-9R for qemu-devel@nongnu.org; Fri, 20 Feb 2026 04:41:10 -0500 Received: from mail-wr1-x42a.google.com ([2a00:1450:4864:20::42a]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1vtN0R-0006Mh-JW for qemu-devel@nongnu.org; Fri, 20 Feb 2026 04:41:05 -0500 Received: by mail-wr1-x42a.google.com with SMTP id ffacd0b85a97d-43626796202so1699833f8f.3 for ; Fri, 20 Feb 2026 01:41:03 -0800 (PST) Received: from [127.0.1.1] (ppp-2-86-215-248.home.otenet.gr. [2.86.215.248]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-43796a5ac87sm58432818f8f.3.2026.02.20.01.41.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 20 Feb 2026 01:41:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1771580462; x=1772185262; darn=nongnu.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=B0IRzPWtqyZ5uN2/UAwNr0qfK9GFEvq8f/l9vnG82Uc=; b=BWTGRSqA0FdMKoKEpRx9xgldnH2JEotJx1NnNwBrvQLiHsi/nGLOlWO6ap/HSoqkWf AYTDzX8npXtMtMY0kc3QRMo1bfOfa2sIwEwQ0DamJYrpAv84sjQ+LLj+xTeusX4C7qaY kxvz0D/M+/mbcU1M/t1sD4WPXdX0SPqOIdhUq9QG8+vX0ykrLg6e2FhvmNDJxw82cXm5 My1PN8yKU3fIGwwskHrRPESfWsnDWubUANWJCHB61lt3Kc+pKaHwIGuDkAQaN4xAK1i4 L2p/5cIXPCV9P5kTY4+wChdJdoXv8f/I88nr5Kx6vtDbDrT3fQBoqxzu/Zy93DJMfagi NX5Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771580462; x=1772185262; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=B0IRzPWtqyZ5uN2/UAwNr0qfK9GFEvq8f/l9vnG82Uc=; b=LJbHJ5bmyildra457cOAfmiBBmRMEowDwHGG2N/ToCpHukl3hEQkgeafkNzeTXMA1+ vtBmY3TEYa1oAXLwdmcyNXXn3rprAe5Erh1LvrrcL+8lvd/JLUYyq7Sl6dSty1ROzO+F yiJy0dQR1EJgmblxrNsJ1BwLAA/iyho07D8XQQqN7olO8ZFdefjI3bkDI8bp5ciJKbQd eq0qEnkLUQbUAoPmtj5k+054lR6wAiS7QhFduwmLA+OAwIejRgttpyPNND55yjEPirDg b+VqMomY9Z64Vi/Z9gBbnbhjKiKpSZpS5MeZpQ0VicbdZ7w34JFFOa7SjCCaFYJEouSY POjQ== X-Gm-Message-State: AOJu0YxmHuZfeqKtXSGxzpToeN6JLSsi7YgFa0iv0uyYIn5kzl7F6YiI D9ZvJjy/VSLvB+3myo4bxzzBoe4BPUMk5d3DujXfxnd6aXf8mJzpVNF3aLlrfsLof2w2zFJhR9j inmNgNqc= X-Gm-Gg: AZuq6aKR62RNwXQWp7he1kHgxGuwGkPUOomVms+DXzU1IuPEghfMlkWJpxWKlm2cVEl WsK6UGOXIv9nNnWnOUnmkr5rocfUanI6tCXi6bb0psqIpK/4SCItj/10YFMGZtnDPDxlNtzq3uJ /3l+RSwc/jERbmP993EgyjqjoQXgqf9shz6mY6z4BJtSmtKJzCceDV6rdi3M5kPhZv1tNKdfP6c iGQ2YdmzVWUSms856tDnoKwtal/Fe86WgakE/QDtnHQGsuKnlbBT6LzMrlzdnb9jgo9JMtUufQL ZvGtFTDL7Sz3jG18mUghmI6d+gb+oX8P5wO89T63YQbnJqn5jEGdLgl0nNKrUp+4rnztX2sVBWu 1OUDeDwgMUURnR5uJQ6InsGlmOHw5NNNhGMBfTys9Czu0gKKh0C0mXmTCdTHbOM7YMqPMRxHNvh xXzjLnsu/D5a3mn8JbZQCHHmlSnHrgeQD66XHyUI5tQ38qh5I2LZSHsbawhXS0n79rPdgL+GpsY u0bz1vb64wTfDDbPPhOqBWxpCSZ7XW0ZahWw8U= X-Received: by 2002:a05:6000:2082:b0:436:34e8:e665 with SMTP id ffacd0b85a97d-43958e58cecmr15566146f8f.54.1771580461927; Fri, 20 Feb 2026 01:41:01 -0800 (PST) From: Manos Pitsidianakis Date: Fri, 20 Feb 2026 11:40:16 +0200 Subject: [PATCH 5/5] virtio-snd: tighten read amount in in_cb MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260220-virtio-snd-series-v1-5-207c4f7200a2@linaro.org> References: <20260220-virtio-snd-series-v1-0-207c4f7200a2@linaro.org> In-Reply-To: <20260220-virtio-snd-series-v1-0-207c4f7200a2@linaro.org> To: qemu-devel@nongnu.org Cc: "Michael S. Tsirkin" , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , Gerd Hoffmann , Manos Pitsidianakis , qemu-stable@nongnu.org, DARKNAVY X-Mailer: b4 0.14.2 X-Developer-Signature: v=1; a=openpgp-sha256; l=1916; i=manos.pitsidianakis@linaro.org; h=from:subject:message-id; bh=jSodi3U0ox5YuVVKKenaXqxN7t7IHGzYBhq5vHJQvs8=; b=LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tCgpvd0VCYlFLUy9aQU5Bd0FLQVhjcHgzQi9mZ 25RQWNzbVlnQnBtQ3duWVoxMWRoSnNtSGhRRENJV2R6VFAzZG92Ck9BdUJSbEtaOUtCdkFTeGdF YkdKQWpNRUFBRUtBQjBXSVFUTVhCdE9SS0JXODRkd0hSQjNLY2R3ZjM0SjBBVUMKYVpnc0p3QUt DUkIzS2Nkd2YzNEowS0IxRC85QnFWS08rdURvSXNDWWNTbUhJRDdaR1RWM0FvVjNTT0FoU01MWA pRZm4yYXIzTHBVNUtJRVRzOFlmTWhmRkljQmFVWG05N2ZLRytpQ1ZqaGk3eTVyUWt6RXg4cG9aU y84d2xqdEt6CnNNZDk2bkROdlUrQkR4QTVURjdPZS8vK25EQStUbWNmUVJMcUlTS1U3Z21ma3lM YmpBcjkxZXJqZ0ZlNmFIVEYKT2laRk9vMjc4QzVhc08vKzFCUlNnaHBkeUpTemxpZzIxd2dEcm5 xeGViMmlqeEhmNU12NkRtV0dXaDVHU3ZpeQpBWnRIUmJwSHJFZVU2REYxekNhanhwdGNFRERMMH phNkdXZ0RPd09FaFA2ZzZlcEJYMkdPeVZxYzY5TmdVV1d1CmYrQ0NBRU5wNFlNMHVMOEhhTWszc m5uYi9NajBIbGpqL0s4KzA0RnRmYUYvWWx2MnVJSXNXdTQvSk9QVlFzT00KYklJR01FZzRLWkdu MUp0YmhjSUlnK3loQ1BpTmgyZHRpZkVaSEVFS0w5aGNHSlpHQnZIbTlLeEVoMXorYnluZwpBR2R zM2g2WElrSFVOWDdqL05QRmtMZ3VjTE9qcGJzc2hXMzNXaXlqQitla09nYkZNRG9nSHAvUkIzQ1 ZkdDZZCmVpNjdqbTdIeW53RVBIakxieTdiczErbytIZXZLY2lJeGFuUDdYQ0tXZXRpQWlQMm1GQ WRPejZpSUxTU0xybjEKSDloUmJHS1gySWkzaVRKbVV1NzVERVpkeDFMeVRnYVZIMkZqc2x1bUFa aGFzL1VPejdONlcydVNYSFlhNHBFSgo0SFZ4WjBKRzh1cDdHbDR3MWxWODRtMkhCajRtWTdxUTV 2Z1FGLzc2VXMwSnpFRStLbHB0TDgvT05uYTBteXI0CmQzUVYyQT09Cj1BNCtUCi0tLS0tRU5EIF BHUCBNRVNTQUdFLS0tLS0K X-Developer-Key: i=manos.pitsidianakis@linaro.org; a=openpgp; fpr=7C721DF9DB3CC7182311C0BF68BC211D47B421E1 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=2a00:1450:4864:20::42a; envelope-from=manos.pitsidianakis@linaro.org; helo=mail-wr1-x42a.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: qemu development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @linaro.org) X-ZM-MESSAGEID: 1771580569900158500 The amount of bytes to read passed to AUD_read() should never surpass the maximum available buffer length. Tighten the current amount by MIN(, max_size - ). Cc: qemu-stable@nongnu.org Fixes: 98e77e3dd8dd6e7aa9a7dffa60f49c8c8a49d4e3 ("virtio-snd: add max size = bounds check in input cb") Reported-by: DARKNAVY Signed-off-by: Manos Pitsidianakis --- hw/audio/virtio-snd.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/hw/audio/virtio-snd.c b/hw/audio/virtio-snd.c index 3437211f7904ac77265d8ace8c1a5a582c0be96d..fc0781ae9a3564f547e0295a95d= 8f71fb5426aa9 100644 --- a/hw/audio/virtio-snd.c +++ b/hw/audio/virtio-snd.c @@ -1240,7 +1240,7 @@ static void virtio_snd_pcm_in_cb(void *data, int avai= lable) { VirtIOSoundPCMStream *stream =3D data; VirtIOSoundPCMBuffer *buffer; - size_t size, max_size; + size_t size, max_size, to_read; =20 WITH_QEMU_LOCK_GUARD(&stream->queue_mutex) { while (!QSIMPLEQ_EMPTY(&stream->queue)) { @@ -1266,10 +1266,12 @@ static void virtio_snd_pcm_in_cb(void *data, int av= ailable) return_rx_buffer(stream, buffer); break; } + to_read =3D stream->params.period_bytes - buffer->size; + to_read =3D MIN(to_read, available); + to_read =3D MIN(to_read, max_size - buffer->size); size =3D AUD_read(stream->voice.in, - buffer->data + buffer->size, - MIN(available, (stream->params.period_bytes - - buffer->size))); + buffer->data + buffer->size, + to_read); if (!size) { available =3D 0; break; --=20 2.47.3