libvhost-user: Support across-memory-boundary access - focaccia-qemu - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Yongji Xie <elohimes@gmail.com>	2018-01-19 00:04:05 +0800
committer	Michael S. Tsirkin <mst@redhat.com>	2018-02-13 18:25:48 +0200
commit	293084a7196b1d7781b6fe19b24e85eb8b7f4de0 (patch)
tree	9c3adca62a86fca93bb70d452e9193881e366897 /hw/pci/pci_bridge.c
parent	bb102d1da15a97c6750a4f96810cf15713be2bd6 (diff)
download	focaccia-qemu-293084a7196b1d7781b6fe19b24e85eb8b7f4de0.tar.gz focaccia-qemu-293084a7196b1d7781b6fe19b24e85eb8b7f4de0.zip

libvhost-user: Support across-memory-boundary access

The sg list/indirect descriptor table may be contigious
in GPA but not in HVA address space. But libvhost-user
wasn't aware of that. This would cause out-of-bounds
access. Even a malicious guest could use it to get
information from the vhost-user backend.

Introduce a plen parameter in vu_gpa_to_va() so we can
handle this case, returning the actual mapped length.

Signed-off-by: Yongji Xie <xieyongji@baidu.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>

Diffstat (limited to 'hw/pci/pci_bridge.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: