Re: [PATCH-for-5.0 1/2] hw/display/sm501: Avoid heap overflow in sm501_2
From: Philippe Mathieu-Daudé
Subject: Re: [PATCH-for-5.0 1/2] hw/display/sm501: Avoid heap overflow in sm501_2d_operation()
Date: Sun, 12 Apr 2020 23:02:15 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0

On 4/12/20 10:57 PM, Peter Maydell wrote:
> On Sun, 12 Apr 2020 at 21:53, Philippe Mathieu-Daudé <address@hidden> wrote:
>> "VMs using KVM" as security boundary is very clear, thanks.
>>
>> Note 1: This doesn't appear on the QEMU security process
>> description: https://www.qemu.org/contribute/security-process/
>
> It's part of the list of how to decide whether an issue is
> security sensitive:
> "Is QEMU used in conjunction with a hypervisor (as opposed
> to TCG binary translation)?"
Indeed I missed this. This bug correctly matches the example described:
"The ‘generic-sdhci’ interface, instead, had only one user
in ‘Xilinx Zynq Baseboard emulation’ (hw/arm/xilinx_zynq.c).
Xilinx Zynq is a programmable systems on chip (SoC) device.
While QEMU does emulate this device, in practice it is used
to facilitate cross-platform developmental efforts, i.e. QEMU
is used to write programs for the SoC device. In such developer
environments, it is generally assumed that the guest is trusted."
>
> We also document it in the user manuals now (a relatively
> recent improvement):
>
> https://www.qemu.org/docs/master/system/security.html#non-virtualization-use-case
>
>> Note 2: If a reported bug is not in security boundary, it should be
>> reported as a bug to mainstream QEMU, to give the community a chance to
>> fix it.
>
> Yes; bugs are still bugs.
>
> thanks
> -- PMM
>