
Re: [Qemu-devel] [PATCH] Ignore pci unplug requests for unpluggable devi


From: Gerd Hoffmann
Subject: Re: [Qemu-devel] [PATCH] Ignore pci unplug requests for unpluggable devices (CVE-2011-1751)
Date: Thu, 19 May 2011 13:12:58 +0200
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.17) Gecko/20110419 Red Hat/3.1.10-1.el6_0 Thunderbird/3.1.10

  Hi,

diff --git a/hw/acpi_piix4.c b/hw/acpi_piix4.c
index 96f5222..6c908ff 100644
--- a/hw/acpi_piix4.c
+++ b/hw/acpi_piix4.c
@@ -471,11 +471,13 @@ static void pciej_write(void *opaque, uint32_t addr, 
uint32_t val)
      BusState *bus = opaque;
      DeviceState *qdev, *next;
      PCIDevice *dev;
+    PCIDeviceInfo *info;
      int slot = ffs(val) - 1;

      QLIST_FOREACH_SAFE(qdev,&bus->children, sibling, next) {
          dev = DO_UPCAST(PCIDevice, qdev, qdev);
-        if (PCI_SLOT(dev->devfn) == slot) {
+        info = container_of(qdev->info, PCIDeviceInfo, qdev);
+        if (PCI_SLOT(dev->devfn) == slot&&  !info->no_hotplug) {
              qdev_free(qdev);
          }
      }
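
Review bot: the new "!info->no_hotplug" condition in the QLIST_FOREACH_SAFE loop of pciej_write() drops the eject request silently and carries no comment saying why. A one-line comment above the "if" would help, stating that val comes from a guest write to the eject register and that devices marked no_hotplug must never reach qdev_free(). It would also be worth considering a debug message for the ignored case, so a refused eject is visible when tracing. The guard only covers this one eject path, so any other unplug entry point needs the same no_hotplug test. Style nit on the same line: "slot&&  !info->no_hotplug" should have a single space on each side of "&&".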

Looks good, but what about pcie_cap_slot_hotplug()?

Dunno, didn't look at q35 yet. I'd expect the root bus isn't hot-pluggable, so the guest wouldn't be able to rip out any essential chipset devices. But having someone more familiar with pcie + q35 double-check would be good ...

cheers,
  Gerd


