git.ipfire.org Git - thirdparty/qemu.git/commit

author	Alexander Duyck <alexander.h.duyck@linux.intel.com>
	Mon, 20 Jul 2020 17:51:15 +0000 (10:51 -0700)
committer	Michael Roth <mdroth@linux.vnet.ibm.com>
	Thu, 3 Sep 2020 00:06:19 +0000 (19:06 -0500)
commit	67808fda375e3a795ae84f3fb19b540f954fa96a
tree	d9bb160b1dfca27ec14efaa8474c25a91b43f712	tree
parent	c16fd8a2bbf54a1d4fc599f6e88f69b8bbeecc28	commit \| diff

virtio-balloon: Prevent guest from starting a report when we didn't request one

Based on code review it appears possible for the driver to force the device
out of a stopped state when hinting by repeating the last ID it was
provided.

Prevent this by only allowing a transition to the start state when we are
in the requested state. This way the driver is only allowed to send one
descriptor that will transition the device into the start state. All others
will leave it in the stop state once it has finished.

Fixes: c13c4153f76d ("virtio-balloon: VIRTIO_BALLOON_F_FREE_PAGE_HINT")
Acked-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Alexander Duyck <alexander.h.duyck@linux.intel.com>
Message-Id: <20200720175115.21935.99563.stgit@localhost.localdomain>
Cc: qemu-stable@nongnu.org
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 20a4da0f23078deeff5ea6d1e12f47d968d7c3c9)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>