Changeset 97030 in vbox for trunk/src/VBox/Devices

Timestamp:

Oct 6, 2022 2:16:55 PM (2 years ago)

Author:

vboxsync

Message:

virtio: Do not select the wrong virtq (see bugref:10301).

File:

• trunk/src/VBox/Devices/VirtIO/VirtioCore.cpp (modified) (2 diffs)

trunk/src/VBox/Devices/VirtIO/VirtioCore.cpp

@@ -1560 +1560 @@
     else
     if (VIRTIO_DEV_CONFIG_MATCH_MEMBER(   uVirtqSelect,               VIRTIO_PCI_COMMON_CFG_T, uOffsetOfAccess))
-        VIRTIO_DEV_CONFIG_ACCESS(         uVirtqSelect,               VIRTIO_PCI_COMMON_CFG_T, uOffsetOfAccess, pVirtio);
+    {
+        if (fWrite) {
+            uint16_t uVirtqNew = *(uint16_t *)pv;
+
+            if (uVirtqNew < RT_ELEMENTS(pVirtio->aVirtqueues))
+                VIRTIO_DEV_CONFIG_ACCESS( uVirtqSelect,               VIRTIO_PCI_COMMON_CFG_T, uOffsetOfAccess, pVirtio);
+            else
+                LogFunc(("... WARNING: Guest attempted to write invalid virtq selector (ignoring)\n"));
+        }
+        else
+            VIRTIO_DEV_CONFIG_ACCESS(     uVirtqSelect,               VIRTIO_PCI_COMMON_CFG_T, uOffsetOfAccess, pVirtio);
+    }
     else
     if (VIRTIO_DEV_CONFIG_MATCH_MEMBER(   GCPhysVirtqDesc,            VIRTIO_PCI_COMMON_CFG_T, uOffsetOfAccess))
@@ -1718 +1729 @@
 
     if (VIRTIO_DEV_CONFIG_MATCH_MEMBER(   uVirtqSelect,        VIRTIO_LEGACY_PCI_COMMON_CFG_T, offPort))
-        VIRTIO_DEV_CONFIG_ACCESS(         uVirtqSelect,        VIRTIO_LEGACY_PCI_COMMON_CFG_T, offPort, pVirtio);
+    {
+        if (u32 < RT_ELEMENTS(pVirtio->aVirtqueues))
+            VIRTIO_DEV_CONFIG_ACCESS(     uVirtqSelect,        VIRTIO_LEGACY_PCI_COMMON_CFG_T, offPort, pVirtio);
+        else
+            LogFunc(("... WARNING: Guest attempted to write invalid virtq selector (ignoring)\n"));
+    }
     else
 #ifdef LEGACY_MSIX_SUPPORTED