[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] Re: [PATCH 5/5] virtio-serial: Error out if guest sends une
|
From: |
Amit Shah |
|
Subject: |
[Qemu-devel] Re: [PATCH 5/5] virtio-serial: Error out if guest sends unexpected vq elements |
|
Date: |
Fri, 10 Dec 2010 20:29:07 +0530 |
|
User-agent: |
Mutt/1.5.21 (2010-09-15) |
On (Fri) Dec 10 2010 [13:59:50], Paul Brook wrote:
> > Check if the guest really sent any items in the out_vq before using
> > them. Similarly, check if there is a buffer to send data in before
> > writing.
>
> Can this actually happen? If so why/how?
> Why does it need a special case in this device?
A malicious guest (ie, a guest with the virtio_console module suitably
modified) could send in buffers with the 'input' bit set instead of
output as expected or vice-versa.
> If this is guest triggerable then calling abort() is wrong.
It's either a guest bug or a malicious guest. What action is
recommended?
Amit
- [Qemu-devel] [PATCH 1/5] virtio-console: Factor out common init between console and generic ports, (continued)
[Qemu-devel] [PATCH 5/5] virtio-serial: Error out if guest sends unexpected vq elements, Amit Shah, 2010/12/10