vmw_pvscsi: check page count while initialising descriptor rings - focaccia-qemu - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Prasad J Pandit <pjp@fedoraproject.org>	2016-08-31 12:19:29 +0530
committer	Paolo Bonzini <pbonzini@redhat.com>	2016-09-13 19:08:46 +0200
commit	7f61f4690dd153be98900a2a508b88989e692753 (patch)
tree	22d6c3e4fd3a9aa96fddc028633690fd5f196e9b /hw/scsi/mptconfig.c
parent	48b6206305b8d56524ac2ee347b68e6e0a528559 (diff)
download	focaccia-qemu-7f61f4690dd153be98900a2a508b88989e692753.tar.gz focaccia-qemu-7f61f4690dd153be98900a2a508b88989e692753.zip

vmw_pvscsi: check page count while initialising descriptor rings

Vmware Paravirtual SCSI emulation uses command descriptors to
process SCSI commands. These descriptors come with their ring
buffers. A guest could set the page count for these rings to
an arbitrary value, leading to infinite loop or OOB access.
Add check to avoid it.

Reported-by: Tom Victor <vv474172261@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <1472626169-12989-1-git-send-email-ppandit@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Diffstat (limited to 'hw/scsi/mptconfig.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: