qemu-devel

Re: [Qemu-devel] [PATCH] hw/pci-host/bonito: Avoid buffer overrun for ba


From: Peter Maydell
Subject: Re: [Qemu-devel] [PATCH] hw/pci-host/bonito: Avoid buffer overrun for bad LDMA/COP accesses
Date: Thu, 30 Jul 2015 23:35:08 +0100

On 30 July 2015 at 23:02, Aurelien Jarno <address@hidden> wrote:
> On 2015-07-30 16:33, Peter Maydell wrote:
>> The LDMA and COP memory regions represent four 32 bit registers
>> each, but the memory regions themselves are 0x100 bytes large.
>> Add guards to the read and write accessors so that bogus accesses
>> beyond the four defined registers don't just run off the end of
>> the bonldma and boncop structs and into whatever lies beyond.
>
> Thanks for finding that. I don't know if it is better to reduce the
> memory region or just ignore the access as in your patch. I haven't
> found any documentation about the bonito northbridge, so I think it's
> safer to go like in your patch.

I did find some documentation by random googling -- but it just
defines that there are four valid registers in each region,
and doesn't say anything about what happens in the gaps
in between...

> I have just tested, it still boots fine with the change.
>
>>  hw/pci-host/bonito.c | 16 ++++++++++++++++
>>  1 file changed, 16 insertions(+)
>
> Acked-by: Aurelien Jarno <address@hidden>

Thanks. (I haven't marked this as for-2.4 because
it's been like this since forever, and fulong2e isn't a
KVM board we care about security on; this is just a random
cleanup I happened to remember about. I could be persuaded
that it ought to go in, though.)

-- PMM
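
A minimal model of the guard described in the quoted commit message, as an added example that is not code from the patch or from QEMU. The names `RegBank`, `Device`, `bank_read`, `bank_write` and `sweep_window` are hypothetical, and returning 0 for reads of undefined offsets is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

#define REGION_SIZE 0x100u   /* size of the mapped window, as in the thread */

/* Hypothetical register bank: four 32-bit registers (16 bytes of storage). */
typedef struct { uint32_t regs[4]; } RegBank;

/* The bank sits inside a larger device struct; the canary stands in for
 * "whatever lies beyond" the register storage. */
typedef struct { RegBank bank; uint32_t canary; } Device;

/* Read accessor: offsets past the defined registers return 0 (assumption)
 * instead of indexing past the end of regs[]. */
uint32_t bank_read(const RegBank *b, uint64_t addr)
{
    if (addr >= sizeof(b->regs)) {
        return 0;
    }
    return b->regs[addr / sizeof(uint32_t)];
}

/* Write accessor: returns 1 if the write landed in a register, 0 if it
 * was ignored because the offset is outside the defined registers. */
int bank_write(RegBank *b, uint64_t addr, uint32_t val)
{
    if (addr >= sizeof(b->regs)) {
        return 0;
    }
    b->regs[addr / sizeof(uint32_t)] = val;
    return 1;
}

/* Touch every byte offset in the window, as a misbehaving guest could.
 * Returns the number of accepted writes, or -1 if the canary changed. */
int sweep_window(void)
{
    Device d = { .bank = { {0, 0, 0, 0} }, .canary = 0xC0FFEEu };
    int accepted = 0;
    for (uint64_t addr = 0; addr < REGION_SIZE; addr++) {
        accepted += bank_write(&d.bank, addr, 0xDEADBEEFu);
        (void)bank_read(&d.bank, addr);
    }
    return d.canary == 0xC0FFEEu ? accepted : -1;
}

int main(void)
{
    printf("accepted writes: %d\n", sweep_window());
    return 0;
}
```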


