projects / sdk / emulator / qemu.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f9305d3) | patch
scsi: Allocate SCSITargetReq r->buf dynamically
authorAsias He <asias@redhat.com>
Fri, 13 Sep 2013 06:56:55 +0000 (14:56 +0800)
committerSeokYeon Hwang <syeon.hwang@samsung.com>
Thu, 7 Nov 2013 04:48:38 +0000 (13:48 +0900)
commitcaced6f82aa9fbf71d1eb271d7d82483d5955b0f
treec2d90113b06d5485a52a1f458cec21e383fcfb1atree | snapshot
parentf9305d34ebf62d76edb75372926303bca9bceab6commit | diff
scsi: Allocate SCSITargetReq r->buf dynamically

BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1007330
Brew: https://brewweb.devel.redhat.com/taskinfo?taskID=6282465

This is the backport of the following commit. The patch is not
sent public since it is a embargoed bug.

   r->buf is hardcoded to 2056 which is (256 + 1) * 8, allowing 256 luns at
   most. If more than 256 luns are specified by user, we have buffer
   overflow in scsi_target_emulate_report_luns.

   To fix, we allocate the buffer dynamically.

Signed-off-by: Asias He <asias@redhat.com>
Signed-off-by: Asias He <asias@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
*s/&r->buf/r->buf/ due to type change

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
hw/scsi/scsi-bus.c diff | blob | history
include/hw/scsi/scsi.h diff | blob | history
Domain: SDK / Emulator;