Re: [Qemu-devel] [PATCH] tcg/i386: Check the size of instruction being translated

Queued, thanks. Paolo On 23/03/2017 18:58, Pranith Kumar wrote: > Sending again since I messed by pbonzini's email. > > This fixes the bug: 'user-to-root privesc inside VM via bad translation > caching' reported by Jann Horn here: > https://bugs.chromium.org/p/project-zero/issues/detail?id=1122

Re: [Qemu-devel] [PATCH] tcg/i386: Check the size of instruction being translated

On 03/24/2017 03:58 AM, Pranith Kumar wrote: Sending again since I messed by pbonzini's email. This fixes the bug: 'user-to-root privesc inside VM via bad translation caching' reported by Jann Horn here: https://bugs.chromium.org/p/project-zero/issues/detail?id=1122 CC: Richard Henderson CC: P

[Qemu-devel] [PATCH] tcg/i386: Check the size of instruction being translated

Sending again since I messed by pbonzini's email. This fixes the bug: 'user-to-root privesc inside VM via bad translation caching' reported by Jann Horn here: https://bugs.chromium.org/p/project-zero/issues/detail?id=1122 CC: Richard Henderson CC: Peter Maydell CC: Paolo Bonzini Reported-by: J

[Qemu-devel] [PATCH] tcg/i386: Check the size of instruction being translated

This fixes the bug: 'user-to-root privesc inside VM via bad translation caching' reported by Jann Horn here: https://bugs.chromium.org/p/project-zero/issues/detail?id=1122 CC: Richard Henderson CC: Peter Maydell CC: Paolo Bonzini Reported-by: Jann Horn Signed-off-by: Pranith Kumar --- target