Re: [Qemu-devel] [PATCH] hw/pci-host/bonito: Avoid buffer overrun for ba
From: Peter Maydell
Subject: Re: [Qemu-devel] [PATCH] hw/pci-host/bonito: Avoid buffer overrun for bad LDMA/COP accesses
Date: Thu, 30 Jul 2015 23:35:08 +0100

On 30 July 2015 at 23:02, Aurelien Jarno <address@hidden> wrote:
> On 2015-07-30 16:33, Peter Maydell wrote:
>> The LDMA and COP memory regions represent four 32 bit registers
>> each, but the memory regions themselves are 0x100 bytes large.
>> Add guards to the read and write accessors so that bogus accesses
>> beyond the four defined registers don't just run off the end of
>> the bonldma and boncop structs and into whatever lies beyond.
>
> Thanks for finding that. I don't know if it is better to reduce the
> memory region or just ignore the access as in your patch. I haven't
> found any documentation about the bonito northbridge, so I think it's
> safer to go like in your patch.

I did find some documentation by random googling -- but it just
defines that there are four valid registers in each region,
and doesn't say anything about what happens in the gaps
in between...

> I have just tested, it still boots fine with the change.
>
>> hw/pci-host/bonito.c | 16 ++++++++++++++++
>> 1 file changed, 16 insertions(+)
>
> Acked-by: Aurelien Jarno <address@hidden>

Thanks. (I haven't marked this as for-2.4 because
it's been like this since forever, and fulong2e isn't a
KVM board we care about security on; this is just a random
cleanup I happened to remember about. I could be persuaded
that it ought to go in, though.)

-- PMM
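
The guard described in the quoted patch description, as an added example that is not part of this thread or of QEMU's bonito.c: a 0x100-byte region backed by four 32-bit registers, with accessors that ignore offsets past the last register. `DevState`, `dev_read`, `dev_write`, `sweep_writes` and the canary field are hypothetical names, and reading 0 from an undefined offset is an assumption, since the thread says the documentation does not define the gaps.

```c
#include <stdint.h>
#include <stdio.h>

#define REGION_SIZE 0x100u /* bytes the guest can address (from the thread) */
#define NUM_REGS    4u     /* defined 32-bit registers (from the thread) */

/* Hypothetical device state, not QEMU's struct. */
typedef struct {
    uint32_t regs[NUM_REGS];
    uint32_t canary; /* stands in for whatever lies beyond the registers */
} DevState;

/* Guarded read: undefined offsets read as 0 (assumed behaviour). */
uint32_t dev_read(const DevState *s, uint64_t addr)
{
    uint64_t idx = addr / sizeof(uint32_t);
    if (idx >= NUM_REGS) {
        return 0;
    }
    return s->regs[idx];
}

/* Guarded write: returns 1 if stored, 0 if the access was ignored. */
int dev_write(DevState *s, uint64_t addr, uint32_t val)
{
    uint64_t idx = addr / sizeof(uint32_t);
    if (idx >= NUM_REGS) {
        return 0;
    }
    s->regs[idx] = val;
    return 1;
}

/* Write every aligned offset in the region; count accepted writes. */
int sweep_writes(DevState *s, uint32_t val)
{
    int accepted = 0;
    for (uint64_t addr = 0; addr < REGION_SIZE; addr += sizeof(uint32_t)) {
        accepted += dev_write(s, addr, val);
    }
    return accepted;
}

int main(void)
{
    DevState s = { {0}, 0xC0FFEEu }; /* constructed sample state */
    int accepted = sweep_writes(&s, 0xFFFFFFFFu);
    printf("accepted=%d canary=0x%x\n", accepted, (unsigned)s.canary);
    return 0;
}
```

Sweeping the whole region is a quick regression check for this class of bug: only four writes should land, and the state after the register file must be unchanged.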