git: 814bf1fddd27 - main - virtio_p9fs: fix panic on qemu/kvm
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 07 Jul 2024 11:41:44 UTC
The branch main has been updated by imp: URL: https://cgit.FreeBSD.org/src/commit/?id=814bf1fddd27aea69740f9e7426302354285cad4 commit 814bf1fddd27aea69740f9e7426302354285cad4 Author: Danilo Egea Gondolfo <danilo@FreeBSD.org> AuthorDate: 2024-07-06 16:51:51 +0000 Commit: Warner Losh <imp@FreeBSD.org> CommitDate: 2024-07-07 11:39:27 +0000 virtio_p9fs: fix panic on qemu/kvm When the module is loaded on a system running on qemu/kvm the "modern" virtio infrastructure is used and virtio_read_device_config() will end up calling vtpci_modern_read_dev_config(). This function cannot read values of arbitrary sizes and will panic if the p9fs mount tag size is not supported by it. Use virtio_read_device_config_array() instead. It was tested on both bhyve and qemu/kvm. PR: 280098 Co-authored-by: Mark Peek <mp@FreeBSD.org> Reviewed by: imp Pull Request: https://github.com/freebsd/freebsd-src/pull/1320 --- sys/dev/virtio/p9fs/virtio_p9fs.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/dev/virtio/p9fs/virtio_p9fs.c b/sys/dev/virtio/p9fs/virtio_p9fs.c index aa174d3bd5ba..3600e0ea09c9 100644 --- a/sys/dev/virtio/p9fs/virtio_p9fs.c +++ b/sys/dev/virtio/p9fs/virtio_p9fs.c @@ -352,9 +352,9 @@ vt9p_attach(device_t dev) mount_tag = malloc(mount_tag_len + 1, M_P9FS_MNTTAG, M_WAITOK | M_ZERO); - virtio_read_device_config(dev, + virtio_read_device_config_array(dev, offsetof(struct virtio_9pnet_config, mount_tag), - mount_tag, mount_tag_len); + mount_tag, 1, mount_tag_len); device_printf(dev, "Mount tag: %s\n", mount_tag);