[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v3 0/4] ivshmem security fixes
From: |
Paolo Bonzini |
Subject: |
Re: [Qemu-devel] [PATCH v3 0/4] ivshmem security fixes |
Date: |
Fri, 31 Oct 2014 17:03:04 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 |
On 15/09/2014 18:40, Andreas Färber wrote:
> Hello,
>
> This series tightens security on incoming data for ivshmem, originally sparked
> by SUSE's security team (Sebastian Krahmer). I've combined them and tackled
> remaining review feedback.
>
> Regards,
> Andreas
>
> Changes from Sebastian's #2:
> * Rebased onto Stefan's patches
> * Dropped g_realloc() check (Stefan)
> * Fixed fd leak and appended a patch fixing another one (Stefan)
> * Simplified comment (Stefan)
>
> Changes from Stefan's series:
> * Modified to handle partial reads (Peter/Gerd)
> * Changed check from > to >= (Peter)
>
> Cc: Cam Macdonell <address@hidden>
> Cc: Stefan Hajnoczi <address@hidden>
> Cc: Michael S. Tsirkin <address@hidden>
> Cc: Sebastian Krahmer <address@hidden>
> Cc: Peter Maydell <address@hidden>
> Cc: Gerd Hoffmann <address@hidden>
> Cc: David Marchand <address@hidden>
>
> Andreas Färber (1):
> ivshmem: Fix fd leak on error
>
> Sebastian Krahmer (1):
> ivshmem: Fix potential OOB r/w access
>
> Stefan Hajnoczi (2):
> ivshmem: Check ivshmem_read() size argument
> ivshmem: validate incoming_posn value from server
>
> hw/misc/ivshmem.c | 66
> ++++++++++++++++++++++++++++++++++++++++++++++++++-----
> 1 file changed, 60 insertions(+), 6 deletions(-)
>
These seem to have falled on the floor, and they're a dependency for
Andrew's error_report cleanup, so I picked them up.
Paolo
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: [Qemu-devel] [PATCH v3 0/4] ivshmem security fixes,
Paolo Bonzini <=