aboutsummaryrefslogtreecommitdiff
path: root/blockjob.c
diff options
context:
space:
mode:
authorJan Kiszka <jan.kiszka@siemens.com>2013-09-30 12:35:13 +0200
committerGleb Natapov <gleb@redhat.com>2013-10-04 13:13:16 +0300
commit7174e54cf14290233f4ae3e989ebc7b507636e77 (patch)
tree368e14461ebaedec159665866011bfb3e779b02c /blockjob.c
parent2560f19f426aceb4f2e809d860b93e7573cb1c4e (diff)
downloadqemu-7174e54cf14290233f4ae3e989ebc7b507636e77.zip
qemu-7174e54cf14290233f4ae3e989ebc7b507636e77.tar.gz
qemu-7174e54cf14290233f4ae3e989ebc7b507636e77.tar.bz2
kvmvapic: Prevent reading beyond the end of guest RAM
rom_state_paddr is guest provided (caller address of outw(VAPIC_PORT) + writen 16-bit value) and can be influenced to point beyond the end of the host memory backing the guest's RAM. Make sure we do not use this pointer to actually read beyond the limits. Reading arbitrary guest bytes is harmless, the guest kernel has to manage access to this I/O port anyway. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Gleb Natapov <gleb@redhat.com>
Diffstat (limited to 'blockjob.c')
0 files changed, 0 insertions, 0 deletions