[Qemu-devel] [PATCH for-2.7 0/4] virtio-balloon: fix stats vq migration
From: Stefan Hajnoczi
Subject: [Qemu-devel] [PATCH for-2.7 0/4] virtio-balloon: fix stats vq migration
Date: Fri, 12 Aug 2016 16:32:54 +0100
Gaudenz Steinlin <address@hidden> reported that virtqueue_pop() terminates
QEMU because the virtqueue size is exceeded following the CVE-2016-5403 fix. I
have been unable to reproduce this or understand the root cause by code
inspection. Along the way I did discover a few bugs in virtio-balloon and
virtio code.

Please see the individual patches for details.

Gaudenz: If you can reproduce the bug you reported, please try again with these
patches applied.
Stefan Hajnoczi (4):
  virtio: recalculate vq->inuse after migration
  virtio: decrement vq->inuse in virtqueue_discard()
  virtio: add virtqueue_rewind()
  virtio-balloon: fix stats vq migration

 hw/virtio/virtio-balloon.c | 10 ++++++++++
 hw/virtio/virtio.c         | 37 +++++++++++++++++++++++++++++++++++++
 include/hw/virtio/virtio.h |  1 +
 3 files changed, 48 insertions(+)
--
2.7.4
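The four patch titles above all concern one piece of bookkeeping: how many buffers a virtqueue has popped but not yet returned to the guest. The C model below is an added illustration and is not code from this series or from QEMU. It assumes (from the patch titles, not from anything on this page) a counter named inuse alongside the free-running avail/used indices, that a pop is refused once inuse reaches the ring size (the "virtqueue size exceeded" condition the report describes), that a discard which forgets to decrement inuse leaks a slot per call, that virtqueue_rewind() un-pops elements, and that only the ring indices survive migration so inuse has to be recomputed on the destination. All struct fields, function names and the 16-entry sample ring are constructed for the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a virtqueue's bookkeeping; not QEMU's VirtQueue. */
typedef struct {
    uint16_t num;            /* ring size */
    uint16_t last_avail_idx; /* next avail entry the device will consume */
    uint16_t used_idx;       /* next used entry the device will publish */
    uint16_t inuse;          /* popped but not yet returned to the guest */
} ModelVQ;

/* Pop one element; false models the "virtqueue size exceeded" abort path. */
static bool model_pop(ModelVQ *vq) {
    if (vq->inuse >= vq->num) return false;
    vq->last_avail_idx++;
    vq->inuse++;
    return true;
}

/* Return the oldest outstanding element to the guest. */
static void model_push(ModelVQ *vq) {
    vq->used_idx++;
    vq->inuse--;
}

/* Discard without fixing inuse: each call leaks one slot (assumed pre-fix shape). */
static void model_discard_leaky(ModelVQ *vq) {
    vq->last_avail_idx--;
}

/* Discard that also gives the inuse slot back (assumed post-fix shape). */
static void model_discard_fixed(ModelVQ *vq) {
    vq->last_avail_idx--;
    vq->inuse--;
}

/* Un-pop 'num' elements so the guest's buffers are seen again later (assumed rewind semantics). */
static bool model_rewind(ModelVQ *vq, unsigned num) {
    if (num > vq->inuse) return false;
    vq->last_avail_idx -= num;
    vq->inuse -= num;
    return true;
}

/* Invariant the destination must satisfy: inuse equals outstanding index distance. */
static bool model_consistent(const ModelVQ *vq) {
    uint16_t outstanding = (uint16_t)(vq->last_avail_idx - vq->used_idx);
    return vq->inuse == outstanding && vq->inuse <= vq->num;
}

/* Migration carries only the indices; inuse is either left at zero or recomputed. */
static ModelVQ model_migrate(const ModelVQ *src, bool recalc_inuse) {
    ModelVQ dst = { src->num, src->last_avail_idx, src->used_idx, 0 };
    if (recalc_inuse) dst.inuse = (uint16_t)(dst.last_avail_idx - dst.used_idx);
    return dst;
}

/* Leaky discard: pop/discard cycles succeed only until inuse reaches num. */
static int pops_until_failure_with_leaky_discard(uint16_t num) {
    ModelVQ vq = { num, 0, 0, 0 };
    int pops = 0;
    while (model_pop(&vq)) { pops++; model_discard_leaky(&vq); }
    return pops;
}

/* Fixed discard: the same cycle runs for as many rounds as requested. */
static int pops_with_fixed_discard(uint16_t num, int rounds) {
    ModelVQ vq = { num, 0, 0, 0 };
    int pops = 0;
    for (int i = 0; i < rounds && model_pop(&vq); i++) { pops++; model_discard_fixed(&vq); }
    return pops;
}

/* Device holding one popped buffer across migration (constructed 16-entry ring). */
static bool migration_consistent(bool recalc_inuse, bool rewind_before_save) {
    ModelVQ src = { 16, 0, 0, 0 };
    model_pop(&src);
    if (rewind_before_save) model_rewind(&src, 1);
    ModelVQ dst = model_migrate(&src, recalc_inuse);
    return model_consistent(&dst);
}

int main(void) {
    printf("leaky discard: %d pops before refusal on a 128-entry ring\n",
           pops_until_failure_with_leaky_discard(128));
    printf("fixed discard: %d of 1000 cycles succeed\n", pops_with_fixed_discard(128, 1000));
    printf("migrate raw / recalc / rewind-first: %d %d %d\n",
           migration_consistent(false, false), migration_consistent(true, false),
           migration_consistent(false, true));
    ModelVQ vq = { 16, 0, 0, 0 };
    model_pop(&vq); model_push(&vq);
    printf("pop then push keeps invariant: %d\n", model_consistent(&vq));
    return 0;
}
```

The leaky scenario is the failure mode a defender would recognise from the report: nothing is wrong with the guest, but a bookkeeping leak on the host side eventually trips the size check that CVE-2016-5403's fix added, and the guest is killed. The migration scenario shows the two independent ways to keep the destination consistent: recompute inuse from the indices on load, or have a device that holds a popped element give it back before saving.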