Re: [PATCH v2 0/2] hw: usb: hcd-ohci: fix oob access and loop issues

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 0/2] hw: usb: hcd-ohci: fix oob access and loop issues

From:	Gerd Hoffmann
Subject:	Re: [PATCH v2 0/2] hw: usb: hcd-ohci: fix oob access and loop issues
Date:	Mon, 21 Sep 2020 09:53:28 +0200

On Tue, Sep 15, 2020 at 11:52:57PM +0530, P J P wrote:
> From: Prasad J Pandit <pjp@fedoraproject.org>
> 
> Hello,
> 
> * While servicing transfer descriptors(TD) in ohci_service[_iso]_td
>   routines, it may lead to out-of-bounds access and/or infinite loop
>   issues, as the OHCI controller driver may supply malicious values
>   to derive frame_number, start_addr, end_addr etc. variables.
> 
> * This series breaks earlier single patch into two.
>   One for an out-of-bounds access issue and another to fix infinite
>   loop case.
>   -> https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05145.html

Added to usb patch queue.

thanks,
  Gerd

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v2 0/2] hw: usb: hcd-ohci: fix oob access and loop issues, P J P, 2020/09/15
- [PATCH v2 2/2] hw: usb: hcd-ohci: check for processed TD before retire, P J P, 2020/09/15
  - Re: [PATCH v2 2/2] hw: usb: hcd-ohci: check for processed TD before retire, Li Qiang, 2020/09/16
- [PATCH v2 1/2] hw: usb: hcd-ohci: check len and frame_number variables, P J P, 2020/09/15
- Re: [PATCH v2 0/2] hw: usb: hcd-ohci: fix oob access and loop issues, Gerd Hoffmann <=

Prev by Date: Re: [PATCH 8/9] default-configs/targets: remove useless lines
Next by Date: RE: [PATCH] xen: rework pci_piix3_xen_ide_unplug
Previous by thread: [PATCH v2 1/2] hw: usb: hcd-ohci: check len and frame_number variables
Next by thread: Re: [PATCH V1 32/32] vfio-pci: improved tracing
Index(es):
- Date
- Thread