qemu-devel

Re: [Qemu-devel] [PATCH] Ignore pci unplug requests for unpluggable devi


From: Markus Armbruster
Subject: Re: [Qemu-devel] [PATCH] Ignore pci unplug requests for unpluggable devices (CVE-2011-1751)
Date: Thu, 19 May 2011 12:00:06 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.1 (gnu/linux)

Gerd Hoffmann <address@hidden> writes:

> This patch makes qemu ignore unplug requests from the guest for pci
> devices which are tagged as non-hotpluggable.  Trouble spot is the
> piix4 chipset with the ISA bridge.  Requests to unplug that one will
> make it go away together with all ISA bus devices, which are not
> prepared to be unplugged and thus don't clean up, leaving active
> qemu timers behind in freed memory.
>
> Signed-off-by: Gerd Hoffmann <address@hidden>
> ---
>  hw/acpi_piix4.c |    4 +++-
>  1 files changed, 3 insertions(+), 1 deletions(-)
>
> diff --git a/hw/acpi_piix4.c b/hw/acpi_piix4.c
> index 96f5222..6c908ff 100644
> --- a/hw/acpi_piix4.c
> +++ b/hw/acpi_piix4.c
> @@ -471,11 +471,13 @@ static void pciej_write(void *opaque, uint32_t addr, 
> uint32_t val)
>      BusState *bus = opaque;
>      DeviceState *qdev, *next;
>      PCIDevice *dev;
> +    PCIDeviceInfo *info;
>      int slot = ffs(val) - 1;
>  
>      QLIST_FOREACH_SAFE(qdev, &bus->children, sibling, next) {
>          dev = DO_UPCAST(PCIDevice, qdev, qdev);
> -        if (PCI_SLOT(dev->devfn) == slot) {
> +        info = container_of(qdev->info, PCIDeviceInfo, qdev);
> +        if (PCI_SLOT(dev->devfn) == slot && !info->no_hotplug) {
>              qdev_free(qdev);
>          }
>      }
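Review bot: the combined test `PCI_SLOT(dev->devfn) == slot && !info->no_hotplug` decides per device rather than per slot, so a slot that holds several functions, only some of them tagged no_hotplug, would be partly removed: the tagged function stays while its sibling functions still reach qdev_free(). Consider scanning the slot first and ignoring the whole eject request if any function in it has no_hotplug set. The request is also dropped silently; a short comment at the check stating why the flag is honoured here (the ISA bridge case from the commit message) and a debug message for the ignored request would make the behaviour easier to diagnose.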

Looks good, but what about pcie_cap_slot_hotplug()?


