Description of problem:

Include the following post-QEMU-2.3 patches:

commit c6d231e2fd3773ef9a566ca24962f2314cb78f73
Author: Alex Williamson <alex.williamson>
Date:   Tue Apr 28 11:14:02 2015 -0600

    vfio-pci: Fix error path sign

    This is an impossible error path due to the fact that we're reading a
    kernel provided, rather than user provided link, which will certainly
    always fit in PATH_MAX. Currently it returns a fixed 26 char path
    plus %d group number, which typically maxes out at double digits.
    However, the caller of the initfn certainly expects a less-than zero
    return value on error, not just a non-zero value. Therefore we
    should correct the sign here.

    Reported-by: Laszlo Ersek <lersek>
    Reviewed-by: Laszlo Ersek <lersek>
    Signed-off-by: Alex Williamson <alex.williamson>

commit 07ceaf98800519ef9c5dc893af00f1fe1f9144e4
Author: Alex Williamson <alex.williamson>
Date:   Tue Apr 28 11:14:02 2015 -0600

    vfio-pci: Further fix BAR size overflow

    In an analysis by Laszlo, the resulting type of our calculation for
    the end of the MSI-X table, and thus the start of memory after the
    table, is uint32_t. We're therefore not correctly preventing the
    corner case overflow that we intended to fix here where a BAR >=4G
    could place the MSI-X table to end exactly at the 4G boundary. The
    MSI-X table offset is defined by the hardware spec to 32bits, so we
    simply use a cast rather than changing data structure types. This
    scenario is purely theoretical, typically the MSI-X table is
    located at the front of the BAR.

    Reported-by: Laszlo Ersek <lersek>
    Reviewed-by: Laszlo Ersek <lersek>
    Signed-off-by: Alex Williamson <alex.williamson>

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:

Neither of these are directly test-able, but are included in qemu-kvm-rhel and should therefore be included in qemu-kvm-rhev.
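The width problem described in the second commit message, shown as an added C example (not QEMU's code and not part of this bug report): the end of the MSI-X table is computed once in 32 bits and once after a 64-bit cast. The struct, function names, 4 KiB page size and device values are assumptions constructed for illustration; the 16-byte MSI-X entry size comes from the PCI specification.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define MSIX_ENTRY_SIZE 16u    /* bytes per MSI-X table entry (PCI spec) */
#define HOST_PAGE       4096u  /* assumed host page size */

/* Hypothetical stand-in for a device's MSI-X description. */
struct msix_info {
    uint32_t table_offset;     /* 32 bits wide by hardware spec */
    uint16_t entries;
};

static uint64_t page_align(uint64_t v)
{
    return (v + HOST_PAGE - 1) & ~(uint64_t)(HOST_PAGE - 1);
}

/* Before: the sum is evaluated as uint32_t and wraps at 4G before widening. */
uint64_t table_end_narrow(const struct msix_info *m)
{
    uint32_t end = m->table_offset + m->entries * MSIX_ENTRY_SIZE;
    return page_align(end);
}

/* After: casting one operand makes the whole sum 64-bit, so 4G is kept. */
uint64_t table_end_wide(const struct msix_info *m)
{
    return page_align((uint64_t)m->table_offset
                      + m->entries * MSIX_ENTRY_SIZE);
}

/* Bytes of the BAR that follow the table; 0 when the table ends the BAR. */
uint64_t bytes_after_table(uint64_t bar_size, uint64_t table_end)
{
    return table_end < bar_size ? bar_size - table_end : 0;
}

int main(void)
{
    /* Constructed corner case: 8G BAR, table ending exactly at 4G. */
    struct msix_info m = { 0xFFFFF000u, 256 };
    uint64_t bar = 8ull << 30;
    uint64_t n = table_end_narrow(&m), w = table_end_wide(&m);

    printf("narrow: end=0x%" PRIx64 " after=0x%" PRIx64 "\n",
           n, bytes_after_table(bar, n));
    printf("wide:   end=0x%" PRIx64 " after=0x%" PRIx64 "\n",
           w, bytes_after_table(bar, w));
    return 0;
}
```

With the 32-bit sum, the "memory after the table" appears to start at offset 0 and span the whole BAR, table included; with the cast it starts at 4G.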
The error path is unreachable; the overflow requires a very specific, theoretical device.
Fix included in qemu-kvm-rhev-2.3.0-6.el7
According to comment4 and comment5, set this issue as verified. QE will continue to track new bzs. Best Regards, Junyi
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-2546.html