Re: [Qemu-devel] [PATCH] virtio: validate the existence of handle

qemu-devel

Re: [Qemu-devel] [PATCH] virtio: validate the existence of handle_output

From:	Jason Wang
Subject:	Re: [Qemu-devel] [PATCH] virtio: validate the existence of handle_output before calling it
Date:	Sun, 15 Feb 2015 02:43:32 +0008

On Sat, Feb 14, 2015 at 4:50 AM, Paolo Bonzini <address@hidden>wrote:



On 12/02/2015 04:05, Jason Wang wrote:

We don't validate the existence of handle_output which may let abuggy

 guest to trigger a SIGSEV easily. Fix this by validate its existence
 before.

Cc: address@hidden

 Cc: Anthony Liguori <address@hidden>
 Cc: Michael S. Tsirkin <address@hidden>
 Signed-off-by: Jason Wang <address@hidden>


Which queue was causing this?

Paolo

The queue that was not used by the device. Though qemu does not usethem, but it allows guest to do some basic programming. e.g: (for 1qvirtio-net)


1) write 10 to queue_sel
2) setup an arbitrary pfn
3) then notify queue 10

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH] virtio: validate the existence of handle_output before calling it, Jason Wang, 2015/02/11
- Re: [Qemu-devel] [PATCH] virtio: validate the existence of handle_output before calling it, Don Koch, 2015/02/13
  - Re: [Qemu-devel] [PATCH] virtio: validate the existence of handle_output before calling it, Jason Wang, 2015/02/14
- Re: [Qemu-devel] [PATCH] virtio: validate the existence of handle_output before calling it, Paolo Bonzini, 2015/02/13
  - Re: [Qemu-devel] [PATCH] virtio: validate the existence of handle_output before calling it, Jason Wang <=
    - Re: [Qemu-devel] [PATCH] virtio: validate the existence of handle_output before calling it, Paolo Bonzini, 2015/02/16