Re: [Qemu-devel] [PATCH] virtio: validate the existence of handle_output
From: Paolo Bonzini
Subject: Re: [Qemu-devel] [PATCH] virtio: validate the existence of handle_output before calling it
Date: Mon, 16 Feb 2015 10:29:47 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0

On 15/02/2015 03:35, Jason Wang wrote:
>
>
> On Sat, Feb 14, 2015 at 4:50 AM, Paolo Bonzini <address@hidden> wrote:
>>
>>
>> On 12/02/2015 04:05, Jason Wang wrote:
>>> We don't validate the existence of handle_output which may let a buggy
>>> guest trigger a SIGSEGV easily. Fix this by validating its existence
>>> before.
>>>
>>> Cc: address@hidden
>>> Cc: Anthony Liguori <address@hidden>
>>> Cc: Michael S. Tsirkin <address@hidden>
>>> Signed-off-by: Jason Wang <address@hidden>
>>
>> Which queue was causing this?
>>
>> Paolo
>
> The queue that was not used by the device. Though qemu does not use
> them, it allows the guest to do some basic programming, e.g. (for 1q
> virtio-net):
>
> 1) write 10 to queue_sel
> 2) setup an arbitrary pfn
> 3) then notify queue 10

Oh, I see.

Reviewed-by: Paolo Bonzini <address@hidden>
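
The three-step sequence quoted above, modelled in a small self-contained C program. This is an added example, not QEMU's code and not the patch under review; the structs, function names, `MAX_QUEUES` and the two-queue layout are constructed for illustration. `guest_notify` shows a notify path that checks the handler before calling it.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_QUEUES 16                       /* constructed limit for this model */

struct queue {
    uint64_t ring_pfn;                      /* guest-programmed; 0 = not set up */
    void (*handle_output)(struct queue *);  /* NULL if the device never registered it */
    int kicks;                              /* times the handler ran */
};
struct device {
    struct queue vq[MAX_QUEUES];
    unsigned queue_sel;                     /* guest-writable selector */
};

static void net_output(struct queue *q) { q->kicks++; }

/* The device registers handlers only for the queues it uses (two, constructed). */
void device_init(struct device *d)
{
    *d = (struct device){0};
    d->vq[0].handle_output = net_output;
    d->vq[1].handle_output = net_output;
}

/* Guest-facing register writes accept any in-range queue index. */
void guest_write_queue_sel(struct device *d, unsigned n) { if (n < MAX_QUEUES) d->queue_sel = n; }
void guest_write_pfn(struct device *d, uint64_t pfn) { d->vq[d->queue_sel].ring_pfn = pfn; }

/* Returns 1 if the handler ran, 0 if the kick was ignored. ring_pfn alone
 * cannot gate the call: the guest controls it, so the handler is checked too. */
int guest_notify(struct device *d, unsigned n)
{
    if (n >= MAX_QUEUES) return 0;
    struct queue *q = &d->vq[n];
    if (q->ring_pfn == 0 || q->handle_output == NULL) return 0;
    q->handle_output(q);
    return 1;
}

int main(void)
{
    struct device d;
    device_init(&d);
    guest_write_queue_sel(&d, 10);          /* the three steps from the thread */
    guest_write_pfn(&d, 0x1000);
    printf("kick on unused queue 10 handled: %d\n", guest_notify(&d, 10));
    return 0;
}
```

Without the `handle_output == NULL` test, the kick on queue 10 would call through a null function pointer, which is the crash the commit message describes.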