| commit | 1ae3f2f178087711f9591350abad133525ba93f2 | |
| author | Gerd Hoffmann <kraxel@redhat.com> | |
| Mon, 18 Apr 2016 07:11:38 +0000 (18 09:11 +0200) | ||
| committer | Gerd Hoffmann <kraxel@redhat.com> | |
| Tue, 19 Apr 2016 06:18:27 +0000 (19 08:18 +0200) | ||
| tree | 3823cf7dd8d30c31a7c154d067801a73cc53bcfd | treesnapshot (tar.gz zip) |
| parent | c6c598ca5fba68fbd6612f3330c4015142f2f86a | commitdiff |
ehci: apply limit to iTD/sidt descriptors
Commit "156a2e4 ehci: make idt processing more robust" tries to avoid a
DoS by the guest (create a circular iTD queue and let qemu ehci
emulation run in circles forever). Unfortunately this has two problems:
First it misses the case of siTDs, and second it reportedly breaks
FreeBSD.
So lets go for a different approach: just count the number of iTDs and
siTDs we have seen per frame and apply a limit. That should really
catch all cases now.
Reported-by: 杜少博 <dushaobo@360.cn>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Commit "156a2e4 ehci: make idt processing more robust" tries to avoid a
DoS by the guest (create a circular iTD queue and let qemu ehci
emulation run in circles forever). Unfortunately this has two problems:
First it misses the case of siTDs, and second it reportedly breaks
FreeBSD.
So lets go for a different approach: just count the number of iTDs and
siTDs we have seen per frame and apply a limit. That should really
catch all cases now.
Reported-by: 杜少博 <dushaobo@360.cn>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
| hw/usb/hcd-ehci.c | diffblobblamehistory |