[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] 590fe5: virtio-ccw: fix range check for SET_V
|
From: |
GitHub |
|
Subject: |
[Qemu-commits] [qemu/qemu] 590fe5: virtio-ccw: fix range check for SET_VQ |
|
Date: |
Tue, 31 Mar 2015 02:00:12 -0700 |
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: 590fe5722b522e492a9c78adadae4def35b137dd
https://github.com/qemu/qemu/commit/590fe5722b522e492a9c78adadae4def35b137dd
Author: Cornelia Huck <address@hidden>
Date: 2015-03-30 (Mon, 30 Mar 2015)
Changed paths:
M hw/s390x/virtio-ccw.c
Log Message:
-----------
virtio-ccw: fix range check for SET_VQ
VIRTIO_PCI_QUEUE_MAX is already too big; a malicious guest would be
able to trigger a write beyond the VirtQueue structure.
Cc: address@hidden
Reviewed-by: David Hildenbrand <address@hidden>
Acked-by: Christian Borntraeger <address@hidden>
Signed-off-by: Cornelia Huck <address@hidden>
Commit: d03a363054f1cc58d4e6653ff09fbbe8121a0302
https://github.com/qemu/qemu/commit/d03a363054f1cc58d4e6653ff09fbbe8121a0302
Author: Cornelia Huck <address@hidden>
Date: 2015-03-30 (Mon, 30 Mar 2015)
Changed paths:
M hw/s390x/virtio-ccw.c
Log Message:
-----------
virtio-ccw: range check in READ_VQ_CONF
Processing for READ_VQ_CONF needs to check whether the requested queue
value is actually in the supported range and post a channel program
check if not.
Cc: address@hidden
Reviewed-by: David Hildenbrand <address@hidden>
Acked-by: Christian Borntraeger <address@hidden>
Signed-off-by: Cornelia Huck <address@hidden>
Commit: f65025caab916aa8a5b8de270a59078e0b6e2866
https://github.com/qemu/qemu/commit/f65025caab916aa8a5b8de270a59078e0b6e2866
Author: Paolo Bonzini <address@hidden>
Date: 2015-03-30 (Mon, 30 Mar 2015)
Changed paths:
M hw/s390x/ipl.c
Log Message:
-----------
s390x: do not include ram_addr.h
ram_addr.h is an internal interface and it is not needed anyway by
hw/s390x/ipl.c.
Cc: Christian Borntraeger <address@hidden>
Reviewed-by: Thomas Huth <address@hidden>
Signed-off-by: Paolo Bonzini <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Christian Borntraeger <address@hidden>
Signed-off-by: Cornelia Huck <address@hidden>
Commit: fa92e218df1d7fcc01e1e5d8bbd77acdaf53c18b
https://github.com/qemu/qemu/commit/fa92e218df1d7fcc01e1e5d8bbd77acdaf53c18b
Author: Cornelia Huck <address@hidden>
Date: 2015-03-30 (Mon, 30 Mar 2015)
Changed paths:
M hw/s390x/ipl.c
Log Message:
-----------
s390x/ipl: avoid sign extension
Make s390_update_iplstate() return uint32_t to avoid sign extensions
for cssids > 127. While this doesn't matter in practice yet (as
nobody supports MCSS-E and thus won't see the real cssid), play safe.
Reported-by: Paolo Bonzini <address@hidden>
Reviewed-by: Jason J. Herne <address@hidden>
Signed-off-by: Cornelia Huck <address@hidden>
Commit: d4892d935b035c2220827145524d0cf0573d1fea
https://github.com/qemu/qemu/commit/d4892d935b035c2220827145524d0cf0573d1fea
Author: Peter Maydell <address@hidden>
Date: 2015-03-30 (Mon, 30 Mar 2015)
Changed paths:
M hw/s390x/ipl.c
M hw/s390x/virtio-ccw.c
Log Message:
-----------
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20150330' into staging
s390x fixes:
- virtqueue index issues in virtio-ccw
- cleanup and sign extension fix for the ipl device
# gpg: Signature made Mon Mar 30 08:52:54 2015 BST using RSA key ID C6F02FAF
# gpg: Good signature from "Cornelia Huck <address@hidden>"
# gpg: aka "Cornelia Huck <address@hidden>"
* remotes/cohuck/tags/s390x-20150330:
s390x/ipl: avoid sign extension
s390x: do not include ram_addr.h
virtio-ccw: range check in READ_VQ_CONF
virtio-ccw: fix range check for SET_VQ
Signed-off-by: Peter Maydell <address@hidden>
Compare: https://github.com/qemu/qemu/compare/627f91b1f80f...d4892d935b03
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Qemu-commits] [qemu/qemu] 590fe5: virtio-ccw: fix range check for SET_VQ,
GitHub <=