author Christian Krinitsin <mail@krinitsin.com> 2025-06-01 21:35:14 +0200
committer Christian Krinitsin <mail@krinitsin.com> 2025-06-01 21:35:14 +0200
commit 3e4c5a6261770bced301b5e74233e7866166ea5b (patch)
tree 9379fddaba693ef8a045da06efee8529baa5f6f4 /gitlab/issues_text/target_missing/host_missing/accel_missing/2149
parent e5634e2806195bee44407853c4bf8776f7abfa4f (diff)
clean up repository
Diffstat (limited to 'gitlab/issues_text/target_missing/host_missing/accel_missing/2149')
-rw-r--r-- gitlab/issues_text/target_missing/host_missing/accel_missing/2149 11
1 files changed, 0 insertions, 11 deletions
diff --git a/gitlab/issues_text/target_missing/host_missing/accel_missing/2149 b/gitlab/issues_text/target_missing/host_missing/accel_missing/2149
deleted file mode 100644
index 7a1dc95a9..000000000
--- a/gitlab/issues_text/target_missing/host_missing/accel_missing/2149
+++ /dev/null
@@ -1,11 +0,0 @@
-Segfault in libvhost-user and libvduse because of invalid pointer arithmetic with indirect read
-Description of problem:
-Hello, this is my first experience communicating with open-source community. I have already reported the problem and have submitted patches through qemu-devel mailing list https://mail.gnu.org/archive/html/qemu-devel/2024-01/msg02533.html, as instructed in https://www.qemu.org/docs/master/devel/submitting-a-patch.html, albeit getting no response from any maintainer. I know, that everyone are very busy and are spammed everyday from millions of threads, but I am getting very upset, that such a trivial bug lives in code base for many years and even have been copied to "sister"-library without proper review. So, excuse me, if I am taking this issue too personally.
-
-The problem - when one tries to use libvhost-user\libvduse and triggers for some reason non-zero-copy mode (like pushing a lot of data) of indirect descriptor reading routine `virtqueue_read_indirect_desc`, any time one got to read more than one descriptor - one would overwrite stack and depending on one's luck getting some weird behaviour, or simple crash moments later, when other code tries to access broken data.
-
-Steps to reproduce are non-trivial, because depends on one's host and VM (one simply gets random crashes here and there, with core dumps pointing somewhere around given libraries), but anyone who can read C code, can clearly see that pointer arithmetic of `struct vring_desc *desc` is wrong.
-
-Maybe, I got instructions wrong and posted fixes to wrong mailing list, maybe, nobody cares, so thank you for attention. I'll be glad to hear any advice on how can I help with fixing this simple error, besides what has been done already.
-
-Thank you.
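Review bot: The commit message "clean up repository" gives no reason for deleting this file (the whole hunk, lines 1-11) and no pointer to where the issue text now lives. The removed text is a report of a stack overwrite in `virtqueue_read_indirect_desc` in libvhost-user and libvduse, caused by wrong pointer arithmetic on `struct vring_desc *desc`, and it carries the only link here to the reporter's qemu-devel patch thread. If the file was moved or reclassified out of `target_missing/host_missing/accel_missing`, name the new path in the commit message; if it was dropped outright, state why a memory-safety report is being removed from the repository.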