| commit | 765a707000e838c30b18d712fe6cb3dd8e0435f3 | |
| author | Paolo Bonzini <pbonzini@redhat.com> | |
| Mon, 2 Jan 2017 10:03:33 +0000 (2 11:03 +0100) | ||
| committer | Paolo Bonzini <pbonzini@redhat.com> | |
| Mon, 16 Jan 2017 16:52:34 +0000 (16 17:52 +0100) | ||
| tree | e8778e48e3e72b3a337ef6118c161dc0f25e7ed8 | treesnapshot (tar.gz zip) |
| parent | bf7bb91e3c998f80d72b69707f3f6050587eddc0 | commitdiff |
megasas: fix guest-triggered memory leak
If the guest sets the sglist size to a value >=2GB, megasas_handle_dcmd
will return MFI_STAT_MEMORY_NOT_AVAILABLE without freeing the memory.
Avoid this by returning only the status from map_dcmd, and loading
cmd->iov_size in the caller.
Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
If the guest sets the sglist size to a value >=2GB, megasas_handle_dcmd
will return MFI_STAT_MEMORY_NOT_AVAILABLE without freeing the memory.
Avoid this by returning only the status from map_dcmd, and loading
cmd->iov_size in the caller.
Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| hw/scsi/megasas.c | diffblobblamehistory |