virtio: Plug memleak by freeing vdev
virtio_common_init() allocates RAM for the vdev struct (and any additional memory, depending on the size passed to the function). This memory wasn't being freed until now.
Signed-off-by: Amit Shah <amit.shah@redhat.com>...
virtio-net: don't use vdev after virtio_cleanup
virtio_cleanup() will be changed by the following patch to remove the VirtIONet struct that gets allocated via virtio_common_init(). Ensure we don't dereference the structure after calling the cleanup function....
virtio-blk: Fix memleak on exit
Calling virtio_cleanup() will free up memory allocated in virtio_common_init().
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
virtio-pci: use generic logic for command access
In practice, guests don't generate config requests that cross a word boundary, so the logic to detect command word access is correct because PCI_COMMAND is 0x4. But depending on this is tricky, further, it will break with guests...
pci: Common overflow prevention
Introduce pci_config_read/write_common helpers to prevent passing accesses down the callback chain that go beyond the config space limits. Adjust length assertions as they are no longer correct (cutting may generate valid 3 byte accesses)....
pci_ids: tweak names to match linux/pci_ids.h
Sync xen names to ones used by linux. Add xen platform device id as well.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
hw/piix_pci.c: Fix PIIX3-xen to initialize ids
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
xen: move to new pci initializers
move ids to pci info structure
virtio: fix indirect descriptor buffer overflow
We were previously allowing arbitrarily-long indirect descriptors, which could lead to a buffer overflow in qemu-kvm process.
CVE-2011-2212
vhost: fix double free on device stop
vhost dev stop failed to clear the log field. Typically not an issue as dev start overwrites this field, but if logging gets disabled before the following start, it doesn't so this causes a double free.