[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v1] virtio: add checks for the size of the indir
|
From: |
Stefan Hajnoczi |
|
Subject: |
Re: [Qemu-devel] [PATCH v1] virtio: add checks for the size of the indirect table |
|
Date: |
Tue, 15 Jan 2019 14:27:39 +0000 |
|
User-agent: |
Mutt/1.10.1 (2018-07-13) |
On Tue, Jan 15, 2019 at 01:08:47PM +0300, Dima Stepanov wrote:
> The virtqueue_pop() and virtqueue_get_avail_bytes() routines can use the
> INDIRECT table to get the data. It is possible to create a packet which
> will lead to the assert message like:
> include/exec/memory.h:1995: void
> address_space_read_cached(MemoryRegionCache *, hwaddr, void *, int):
> Assertion `addr < cache->len && len <= cache->len - addr' failed.
> Aborted
> To do it the first descriptor should have a link to the INDIRECT table
> and set the size of it to 0. It doesn't look good that the guest should
> be able to trigger the assert in qemu. Add additional check for the size
> of the INDIRECT table, which should not be 0.
>
> Signed-off-by: Dima Stepanov <address@hidden>
> ---
> hw/virtio/virtio.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
Reviewed-by: Stefan Hajnoczi <address@hidden>
signature.asc
Description: PGP signature