Date: Sun, 7 Jul 2024 11:41:44 GMT
From: Warner Losh <imp@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: 814bf1fddd27 - main - virtio_p9fs: fix panic on qemu/kvm
Message-ID: <202407071141.467BfiP5052335@gitrepo.freebsd.org>
The branch main has been updated by imp: URL: https://cgit.FreeBSD.org/src/commit/?id=814bf1fddd27aea69740f9e7426302354285cad4 commit 814bf1fddd27aea69740f9e7426302354285cad4 Author: Danilo Egea Gondolfo <danilo@FreeBSD.org> AuthorDate: 2024-07-06 16:51:51 +0000 Commit: Warner Losh <imp@FreeBSD.org> CommitDate: 2024-07-07 11:39:27 +0000 virtio_p9fs: fix panic on qemu/kvm When the module is loaded on a system running on qemu/kvm the "modern" virtio infrastructure is used and virtio_read_device_config() will end up calling vtpci_modern_read_dev_config(). This function cannot read values of arbitrary sizes and will panic if the p9fs mount tag size is not supported by it. Use virtio_read_device_config_array() instead. It was tested on both bhyve and qemu/kvm. PR: 280098 Co-authored-by: Mark Peek <mp@FreeBSD.org> Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1320 --- sys/dev/virtio/p9fs/virtio_p9fs.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/dev/virtio/p9fs/virtio_p9fs.c b/sys/dev/virtio/p9fs/virtio_p9fs.c index aa174d3bd5ba..3600e0ea09c9 100644 --- a/sys/dev/virtio/p9fs/virtio_p9fs.c +++ b/sys/dev/virtio/p9fs/virtio_p9fs.c @@ -352,9 +352,9 @@ vt9p_attach(device_t dev) mount_tag = malloc(mount_tag_len + 1, M_P9FS_MNTTAG, M_WAITOK | M_ZERO); - virtio_read_device_config(dev, + virtio_read_device_config_array(dev, offsetof(struct virtio_9pnet_config, mount_tag), - mount_tag, mount_tag_len); + mount_tag, 1, mount_tag_len); device_printf(dev, "Mount tag: %s\n", mount_tag);
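Review bot: In the vt9p_attach() hunk, the new trailing arguments `1, mount_tag_len` are bare numbers at the call site, so the call alone does not show which is the element size and which is the count. A one-line comment above the call would help, saying that the tag is read as mount_tag_len single-byte elements because the modern transport cannot read arbitrary sizes in one access. That would also keep a later cleanup from switching back to virtio_read_device_config(). Separately, mount_tag_len sizes the `malloc(mount_tag_len + 1, ...)` and is also the read count, and the visible context shows no upper bound on it. If the length is taken from the device config and is not validated earlier in the function, consider rejecting implausible values before the M_WAITOK allocation, since the host controls that field. The `+ 1` with M_ZERO does keep the buffer NUL-terminated for the `%s` in device_printf(), so that part is fine as written.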