
Re: [Qemu-devel] [PATCH 1/2] ehci: apply limit to itd/sidt descriptors


From: P J P
Subject: Re: [Qemu-devel] [PATCH 1/2] ehci: apply limit to itd/sidt descriptors
Date: Mon, 18 Apr 2016 17:22:48 +0530 (IST)

+-- On Mon, 18 Apr 2016, Gerd Hoffmann wrote --+
| Commit "156a2e4 ehci: make idt processing more robust" tries to avoid a
| DoS by the guest (create a circular itd queue and let qemu ehci
| emulation run in circles forever).  Unfortunaly this has two problems:
| First it misses the case of sitds, and second it reportly breaks
| freebsd.
| 
| So lets go for a different approach: just count the number of itds and
| sitds we have seen per frame and apply a limit.  That should really
| catch all cases now.

  idt -> iTD
  sidt -> siTD
  Unfortualy -> Unfortunately
  reportly -> reportedly
  freebsd -> FreeBSD

Perhaps it'll help to add "Fixes: 156a2e4(CVE-2015-8558)" to the commit log? 
(just a thought)

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
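
Added example, not part of the original mail or of the QEMU patch: a minimal C model of the approach the quoted commit message describes, with one per-frame counter shared by iTDs and siTDs so that a circular list of either kind terminates. The structures, the `FRAME_DESC_LIMIT` value and the sample tables are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model of a periodic-schedule entry; not QEMU's structures. */
enum desc_type { DESC_ITD, DESC_SITD, DESC_END };

struct desc {
    enum desc_type type;
    size_t next;             /* index of the next entry, guest-controlled */
};

#define FRAME_DESC_LIMIT 8   /* hypothetical per-frame cap chosen for the demo */

/*
 * Walk one frame's descriptor list. Returns the number of iTD/siTD
 * entries visited, or -1 if the limit is exceeded or a link points
 * outside the table.
 */
static int walk_frame(const struct desc *tbl, size_t n, size_t start)
{
    int seen = 0;            /* single counter for both iTDs and siTDs */
    size_t cur = start;

    while (cur < n && tbl[cur].type != DESC_END) {
        if (++seen > FRAME_DESC_LIMIT) {
            return -1;       /* list is too long or circular: stop */
        }
        cur = tbl[cur].next; /* follow the guest-supplied link */
    }
    return cur < n ? seen : -1;  /* out-of-range link is an error */
}

/* Constructed inputs: a terminated list and two circular ones. */
static const struct desc linear[] = {
    { DESC_ITD, 1 }, { DESC_SITD, 2 }, { DESC_ITD, 3 }, { DESC_END, 0 },
};
static const struct desc sitd_loop[] = { { DESC_SITD, 1 }, { DESC_SITD, 0 } };
static const struct desc mixed_loop[] = {
    { DESC_ITD, 1 }, { DESC_SITD, 2 }, { DESC_ITD, 0 },
};

int main(void)
{
    printf("linear:     %d\n", walk_frame(linear, 4, 0));
    printf("sitd loop:  %d\n", walk_frame(sitd_loop, 2, 0));
    printf("mixed loop: %d\n", walk_frame(mixed_loop, 3, 0));
    return 0;
}
```

A counter that only incremented on iTDs would never trip on `sitd_loop`, which is the gap in the earlier commit that the quoted text points out.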


