On Wed, 2023-07-26 at 09:44 +0100, Paul Durrant wrote:
> On 25/07/2023 11:05, David Woodhouse wrote:
> > From: David Woodhouse <d...@amazon.co.uk>
> > 
> > Fuzzing showed that a guest could bind an interdomain port to itself, by
> > guessing the next port to be allocated and putting that as the 'remote'
> > port number. By chance, that works because the newly-allocated port has
> > type EVTCHNSTAT_unbound. It shouldn't.
> > 
> > Signed-off-by: David Woodhouse <d...@amazon.co.uk>
> > ---
> >   hw/i386/kvm/xen_evtchn.c | 11 +++++++++--
> >   1 file changed, 9 insertions(+), 2 deletions(-)
> > 
> 
> Reviewed-by: Paul Durrant <p...@xen.org>
> 

Thanks. I'll change the title prefix to 'hw/xen' since it's in hw/ not
target/i386. Please can I also have a review for
https://lore.kernel.org/qemu-devel/20076888f6bdf06a65aafc5cf954260965d45b97.ca...@infradead.org/

I'll then send these outstanding patches from my tree as a series for
8.1:

David Woodhouse (4):
      hw/xen: Clarify (lack of) error handling in transaction_commit()
      hw/xen: fix off-by-one in xen_evtchn_set_gsi()
      i386/xen: consistent locking around Xen singleshot timers
      hw/xen: prevent guest from binding loopback event channel to itself
