On Thu, Jun 04, 2020 at 02:14:46PM +0200, BALATON Zoltan wrote:
> On Thu, 4 Jun 2020, Michael S. Tsirkin wrote:
> > On Thu, Jun 04, 2020 at 01:49:53PM +0200, BALATON Zoltan wrote:
> > > On Thu, 4 Jun 2020, Michael S. Tsirkin wrote:
> > > > On Thu, Jun 04, 2020 at 01:37:13PM +0200, BALATON Zoltan wr
On Thu, 4 Jun 2020, Michael S. Tsirkin wrote:
On Thu, Jun 04, 2020 at 01:49:53PM +0200, BALATON Zoltan wrote:
On Thu, 4 Jun 2020, Michael S. Tsirkin wrote:
On Thu, Jun 04, 2020 at 01:37:13PM +0200, BALATON Zoltan wrote:
On Thu, 4 Jun 2020, Michael S. Tsirkin wrote:
On Thu, Jun 04, 2020 at 08:
On Thu, Jun 04, 2020 at 01:49:53PM +0200, BALATON Zoltan wrote:
> On Thu, 4 Jun 2020, Michael S. Tsirkin wrote:
> > On Thu, Jun 04, 2020 at 01:37:13PM +0200, BALATON Zoltan wrote:
> > > On Thu, 4 Jun 2020, Michael S. Tsirkin wrote:
> > > > On Thu, Jun 04, 2020 at 08:07:52AM +0200, Philippe Mathieu-
On Thu, 4 Jun 2020, Michael S. Tsirkin wrote:
On Thu, Jun 04, 2020 at 01:37:13PM +0200, BALATON Zoltan wrote:
On Thu, 4 Jun 2020, Michael S. Tsirkin wrote:
On Thu, Jun 04, 2020 at 08:07:52AM +0200, Philippe Mathieu-Daudé wrote:
On 6/4/20 12:13 AM, BALATON Zoltan wrote:
On Thu, 4 Jun 2020,
On Thu, Jun 04, 2020 at 01:37:13PM +0200, BALATON Zoltan wrote:
> On Thu, 4 Jun 2020, Michael S. Tsirkin wrote:
> > On Thu, Jun 04, 2020 at 08:07:52AM +0200, Philippe Mathieu-Daudé wrote:
> > > On 6/4/20 12:13 AM, BALATON Zoltan wrote:
> > > > On Thu, 4 Jun 2020, P J P wrote:
> > > > > From: Pra
On Thu, 4 Jun 2020, Michael S. Tsirkin wrote:
On Thu, Jun 04, 2020 at 08:07:52AM +0200, Philippe Mathieu-Daudé wrote:
On 6/4/20 12:13 AM, BALATON Zoltan wrote:
On Thu, 4 Jun 2020, P J P wrote:
From: Prasad J Pandit
While reading PCI configuration bytes, a guest may send an
address towards t
On Thu, Jun 04, 2020 at 07:14:00AM +0200, Gerd Hoffmann wrote:
> Hi,
>
> > > +assert(address + len <= pci_config_size(d));
> >
> > Does this allow guest now to crash QEMU?
>
> Looks like it does (didn't actually try though).
>
> > I think it was suggested that assert should only be used f
On Thu, Jun 04, 2020 at 08:07:52AM +0200, Philippe Mathieu-Daudé wrote:
> On 6/4/20 12:13 AM, BALATON Zoltan wrote:
> > On Thu, 4 Jun 2020, P J P wrote:
> >> From: Prasad J Pandit
> >>
> >> While reading PCI configuration bytes, a guest may send an
> >> address towards the end of the configuratio
On Thu, Jun 04, 2020 at 01:52:51AM +0530, P J P wrote:
> From: Prasad J Pandit
>
> While reading PCI configuration bytes, a guest may send an
> address towards the end of the configuration space. It may lead
> to an OOB access issue. Assert that 'address + len' is within
> PCI configuration space
On Thu, Jun 04, 2020 at 10:10:07AM +0100, Peter Maydell wrote:
> On Wed, 3 Jun 2020 at 21:26, P J P wrote:
> >
> > From: Prasad J Pandit
> >
> > While reading PCI configuration bytes, a guest may send an
> > address towards the end of the configuration space. It may lead
> > to an OOB access issu
On Wed, 3 Jun 2020 at 21:26, P J P wrote:
>
> From: Prasad J Pandit
>
> While reading PCI configuration bytes, a guest may send an
> address towards the end of the configuration space. It may lead
> to an OOB access issue. Assert that 'address + len' is within
> PCI configuration space.
What doe
On 6/4/20 12:13 AM, BALATON Zoltan wrote:
> On Thu, 4 Jun 2020, P J P wrote:
>> From: Prasad J Pandit
>>
>> While reading PCI configuration bytes, a guest may send an
>> address towards the end of the configuration space. It may lead
>> to an OOB access issue. Assert that 'address + len' is within
+-- On Thu, 4 Jun 2020, BALATON Zoltan wrote --+
| On Thu, 4 Jun 2020, P J P wrote:
| > +assert(address + len <= pci_config_size(d));
|
| Does this allow guest now to crash QEMU?
Yes, possible. Such crash (assert failure) can be a regular bug, as reading
PCI configuration is likely a privile
Hi,
> > +assert(address + len <= pci_config_size(d));
>
> Does this allow guest now to crash QEMU?
Looks like it does (didn't actually try though).
> I think it was suggested that assert should only be used for cases
> that can only arise from a programming error and not from values set
>
On Thu, 4 Jun 2020, P J P wrote:
From: Prasad J Pandit
While reading PCI configuration bytes, a guest may send an
address towards the end of the configuration space. It may lead
to an OOB access issue. Assert that 'address + len' is within
PCI configuration space.
Suggested-by: Philippe Mathie
From: Prasad J Pandit
While reading PCI configuration bytes, a guest may send an
address towards the end of the configuration space. It may lead
to an OOB access issue. Assert that 'address + len' is within
PCI configuration space.
Suggested-by: Philippe Mathieu-Daudé
Signed-off-by: Prasad J Pa
16 matches
Mail list logo