On 22.05.2026 11:13, [email protected] wrote:
From: GuoHan Zhao <[email protected]>

check_pgsizes() validates that no page-size bits smaller than
VFIO_USER_DEF_PGSIZE are set, but it still accepts pgsizes=0. This lets a
malformed server overwrite the default page-size mask with zero.

Later vfio_user_setup() asserts that proxy->dma_pgsizes is non-zero, so device
realization aborts instead of reporting a version capability error. Reject a
zero DMA page-size mask during version capability parsing.

Fixes: 36227628d824 (vfio-user: implement message send infrastructure)
Signed-off-by: GuoHan Zhao <[email protected]>

This smells like qemu-stable material (11.0.x).

I'm picking this and patch 2/2 for stable-11.0 branch.
Please let me know if I shouldn't.

Thanks,

/mjt
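The quoted commit message describes a validation gap: a page-size mask check that rejects bits below the default page size but still accepts an all-zero mask, which a later assertion then trips over. The following is an added illustration of that before/after distinction and is not QEMU's vfio-user code; the default page size value (4 KiB) and the function names are assumptions made here for the example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumed default page size for illustration (4 KiB); the real
 * VFIO_USER_DEF_PGSIZE value is not taken from the page. */
#define DEF_PGSIZE_ASSUMED 4096ULL

/* Before the fix (as the commit message describes it): reject any
 * page-size bit smaller than the default, but a zero mask passes. */
static bool check_pgsizes_before(uint64_t pgsizes)
{
    return (pgsizes & (DEF_PGSIZE_ASSUMED - 1)) == 0;
}

/* After the fix: a zero mask is also rejected, so it can never
 * replace the default mask and trip a later non-zero assertion. */
static bool check_pgsizes_after(uint64_t pgsizes)
{
    if (pgsizes == 0) {
        return false;
    }
    return (pgsizes & (DEF_PGSIZE_ASSUMED - 1)) == 0;
}

/* Model of the capability negotiation: the server-advertised mask
 * replaces the default only if the chosen check accepts it. Returns
 * the resulting mask; 0 models the state that would later abort. */
static uint64_t negotiate_pgsizes(uint64_t server_pgsizes,
                                  bool (*check)(uint64_t))
{
    uint64_t dma_pgsizes = DEF_PGSIZE_ASSUMED;
    if (check(server_pgsizes)) {
        dma_pgsizes = server_pgsizes;
    }
    return dma_pgsizes;
}

int main(void)
{
    /* Constructed inputs: a zero mask, a valid mask (4 KiB | 2 MiB),
     * and a mask with a too-small 2 KiB bit. */
    uint64_t inputs[] = { 0, 4096ULL | (2ULL << 20), 2048ULL };
    for (size_t i = 0; i < 3; i++) {
        printf("mask 0x%llx: before -> 0x%llx, after -> 0x%llx\n",
               (unsigned long long)inputs[i],
               (unsigned long long)negotiate_pgsizes(inputs[i], check_pgsizes_before),
               (unsigned long long)negotiate_pgsizes(inputs[i], check_pgsizes_after));
    }
    return 0;
}
```

With the pre-fix check, a zero mask silently replaces the default and the caller is left with no usable page size; with the post-fix check the default survives and the bad capability can be reported as a negotiation error instead.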
