[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Stable-7.2.14 10/40] util/async.c: Forbid negative min/max in aio_conte
From: |
Michael Tokarev |
Subject: |
[Stable-7.2.14 10/40] util/async.c: Forbid negative min/max in aio_context_set_thread_pool_params() |
Date: |
Fri, 6 Sep 2024 08:15:58 +0300 |
From: Peter Maydell <peter.maydell@linaro.org>
aio_context_set_thread_pool_params() takes two int64_t arguments to
set the minimum and maximum number of threads in the pool. We do
some bounds checking on these, but we don't catch the case where the
inputs are negative. This means that later in the function when we
assign these inputs to the AioContext::thread_pool_min and
::thread_pool_max fields, which are of type int, the values might
overflow the smaller type.
A negative number of threads is meaningless, so make
aio_context_set_thread_pool_params() return an error if either min or
max are negative.
Resolves: Coverity CID 1547605
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20240723150927.1396456-1-peter.maydell@linaro.org
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 851495571d14fe2226c52b9d423f88a4f5460836)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/util/async.c b/util/async.c
index a1f07fc5a7..0cc3037e0c 100644
--- a/util/async.c
+++ b/util/async.c
@@ -744,7 +744,7 @@ void aio_context_set_thread_pool_params(AioContext *ctx,
int64_t min,
int64_t max, Error **errp)
{
- if (min > max || !max || min > INT_MAX || max > INT_MAX) {
+ if (min > max || max <= 0 || min < 0 || min > INT_MAX || max > INT_MAX) {
error_setg(errp, "bad thread-pool-min/thread-pool-max values");
return;
}
--
2.39.2
- [Stable-7.2.14 01/40] qapi/qom: Document feature unstable of @x-vfio-user-server, (continued)
- [Stable-7.2.14 01/40] qapi/qom: Document feature unstable of @x-vfio-user-server, Michael Tokarev, 2024/09/06
- [Stable-7.2.14 02/40] target/arm: Use float_status copy in sme_fmopa_s, Michael Tokarev, 2024/09/06
- [Stable-7.2.14 07/40] target/i386: do not crash if microvm guest uses SGX CPUID leaves, Michael Tokarev, 2024/09/06
- [Stable-7.2.14 11/40] hw/virtio: Fix the de-initialization of vhost-user devices, Michael Tokarev, 2024/09/06
- [Stable-7.2.14 04/40] hw/nvme: fix memory leak in nvme_dsm, Michael Tokarev, 2024/09/06
- [Stable-7.2.14 06/40] intel_iommu: fix FRCD construction macro, Michael Tokarev, 2024/09/06
- [Stable-7.2.14 03/40] target/arm: Use FPST_F16 for SME FMOPA (widening), Michael Tokarev, 2024/09/06
- [Stable-7.2.14 08/40] chardev/char-win-stdio.c: restore old console mode, Michael Tokarev, 2024/09/06
- [Stable-7.2.14 05/40] hw/cxl/cxl-host: Fix segmentation fault when getting cxl-fmw property, Michael Tokarev, 2024/09/06
- [Stable-7.2.14 09/40] hw/intc/loongson_ipi: Access memory in little endian, Michael Tokarev, 2024/09/06
- [Stable-7.2.14 10/40] util/async.c: Forbid negative min/max in aio_context_set_thread_pool_params(),
Michael Tokarev <=
- [Stable-7.2.14 12/40] target/rx: Use target_ulong for address in LI, Michael Tokarev, 2024/09/06
- [Stable-7.2.14 14/40] hw/misc/bcm2835_property: Fix handling of FRAMEBUFFER_SET_PALETTE, Michael Tokarev, 2024/09/06
- [Stable-7.2.14 13/40] hw/char/bcm2835_aux: Fix assert when receive FIFO fills up, Michael Tokarev, 2024/09/06
- [Stable-7.2.14 16/40] target/arm: Fix UMOPA/UMOPS of 16-bit values, Michael Tokarev, 2024/09/06
- [Stable-7.2.14 15/40] target/arm: Don't assert for 128-bit tile accesses when SVL is 128, Michael Tokarev, 2024/09/06
- [Stable-7.2.14 17/40] target/arm: Avoid shifts by -1 in tszimm_shr() and tszimm_shl(), Michael Tokarev, 2024/09/06
- [Stable-7.2.14 18/40] target/arm: Ignore SMCR_EL2.LEN and SVCR_EL2.LEN if EL2 is not enabled, Michael Tokarev, 2024/09/06
- [Stable-7.2.14 19/40] docs/sphinx/depfile.py: Handle env.doc2path() returning a Path not a str, Michael Tokarev, 2024/09/06
- [Stable-7.2.14 20/40] hw/i386/amd_iommu: Don't leak memory in amdvi_update_iotlb(), Michael Tokarev, 2024/09/06
- [Stable-7.2.14 21/40] hw/arm/mps2-tz.c: fix RX/TX interrupts order, Michael Tokarev, 2024/09/06