| commit | 590fe5722b522e492a9c78adadae4def35b137dd | |
| author | Cornelia Huck <cornelia.huck@de.ibm.com> | |
| Fri, 20 Mar 2015 12:08:36 +0000 (20 13:08 +0100) | ||
| committer | Cornelia Huck <cornelia.huck@de.ibm.com> | |
| Mon, 30 Mar 2015 07:25:17 +0000 (30 09:25 +0200) | ||
| tree | c82b2449005a9f38b8ccf410c9ed7094acc9355e | treesnapshot (tar.gz zip) |
| parent | 627f91b1f80fecc73d00727181a9ddb6162cc30e | commitdiff |
virtio-ccw: fix range check for SET_VQ
VIRTIO_PCI_QUEUE_MAX is already too big; a malicious guest would be
able to trigger a write beyond the VirtQueue structure.
Cc: qemu-stable@nongnu.org
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
VIRTIO_PCI_QUEUE_MAX is already too big; a malicious guest would be
able to trigger a write beyond the VirtQueue structure.
Cc: qemu-stable@nongnu.org
Reviewed-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
| hw/s390x/virtio-ccw.c | diffblobblamehistory |