| commit | f8bb056564ed719b2fa5e05028bc70aeb0cc5c6c | |
| author | Igor Mammedov <imammedo@redhat.com> | |
| Mon, 28 Jan 2013 11:49:26 +0000 (28 12:49 +0100) | ||
| committer | Gleb Natapov <gleb@redhat.com> | |
| Tue, 29 Jan 2013 06:57:56 +0000 (29 08:57 +0200) | ||
| tree | 6ed3ddd6099dd6ee8b7be7aa47a0d2958d97f528 | treesnapshot (tar.gz zip) |
| parent | f9e90c798dc84be2b0b988517e86b49faf79d5dc | commitdiff |
target-i386: kvm: prevent buffer overflow if -cpu foo, [x]level is too big
Stack corruption may occur if too big 'level' or 'xlevel' values passed
on command line with KVM enabled, due to limited size of cpuid_data
in kvm_arch_init_vcpu().
reproduces with:
qemu -enable-kvm -cpu qemu64,level=4294967295
or
qemu -enable-kvm -cpu qemu64,xlevel=4294967295
Check if there is space in cpuid_data before passing it to cpu_x86_cpuid()
or abort() if there is not space.
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Andreas Faerber <afaerber@suse.de>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
Stack corruption may occur if too big 'level' or 'xlevel' values passed
on command line with KVM enabled, due to limited size of cpuid_data
in kvm_arch_init_vcpu().
reproduces with:
qemu -enable-kvm -cpu qemu64,level=4294967295
or
qemu -enable-kvm -cpu qemu64,xlevel=4294967295
Check if there is space in cpuid_data before passing it to cpu_x86_cpuid()
or abort() if there is not space.
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Andreas Faerber <afaerber@suse.de>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
| target-i386/kvm.c | diffblobblamehistory |