xenbits.xensource.com Git - qemu-xen.git/commit

author	Michael S. Tsirkin <mst@redhat.com>
	Wed, 10 Jun 2020 13:47:49 +0000 (09:47 -0400)
committer	Michael Roth <mdroth@linux.vnet.ibm.com>
	Thu, 27 Aug 2020 05:03:16 +0000 (00:03 -0500)
commit	b14cd263ad87a4c3a83308f093841d247eb711f1
tree	482fad8df0de2c7f4626e6b956f9486a567aa8f1	tree
parent	68d84b133d3a3611f304a2e93f07690dd141dbd5	commit \| diff

memory: Revert "memory: accept mismatching sizes in memory_region_access_valid"

Memory API documentation documents valid .min_access_size and .max_access_size
fields and explains that any access outside these boundaries is blocked.

This is what devices seem to assume.

However this is not what the implementation does: it simply
ignores the boundaries unless there's an "accepts" callback.

Naturally, this breaks a bunch of devices.

Revert to the documented behaviour.

Devices that want to allow any access can just drop the valid field,
or add the impl field to have accesses converted to appropriate
length.

Cc: qemu-stable@nongnu.org
Reviewed-by: Richard Henderson <rth@twiddle.net>
Fixes: CVE-2020-13754
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1842363
Fixes: a014ed07bd5a ("memory: accept mismatching sizes in memory_region_access_valid")
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20200610134731.1514409-1-mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 5d971f9e672507210e77d020d89e0e89165c8fc9)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>