mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

-----BEGIN PGP SIGNATURE-----

Browse Source 
Version: GnuPG v1
 
 iQEcBAABAgAGBQJXmM9+AAoJEJykq7OBq3PISmEH/170dFTGSqQYWW/98GH0TXDE
 QsTKeNA9RhvhTCz+4rRBiuuHNOHSRKdlM8NK7tdX2F5+IHZa46qpkmnPmIaog6M5
 R/8My7K+QgZU/vs5uR4VjraBGTNZQm4Rn2NbvyDGXzgeErjhvs+UWyP74uJexZUH
 0j7WmwA7bDuphx0p03jptOHLkhPswxBt70T8CH7jOPXe6nPLWOewalFMosjgmT5F
 /LhckvcaPmZAJn8Nr5+EBZD4F1UcM0KfzNZJUqLJCToWZHI+Q7qroEsvYKu96oQM
 kERSrAYC9/1xWtuu9lmTCATwx5IS2YDfZOBeOabnx0L64mkEtcKfT/ykF1ynBi0=
 =I/S+
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stefanha/tags/CVE-2016-5403-virtio-unbounded-allocation-pull-request' into staging

# gpg: Signature made Wed 27 Jul 2016 16:13:02 BST
# gpg:                using RSA key 0x9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>"
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>"
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/CVE-2016-5403-virtio-unbounded-allocation-pull-request:
  virtio: error out if guest exceeds virtqueue size

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
Peter Maydell 2016-07-27 17:26:07 +01:00
commit 51313fe4f4
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
hw/virtio/virtio.c
View File

@ -562,6 +562,11 @@ void *virtqueue_pop(VirtQueue *vq, size_t sz)
max = vq->vring.num;
if (vq->inuse >= vq->vring.num) {
error_report("Virtqueue size exceeded");
exit(1);
}
i = head = virtqueue_get_head(vq, vq->last_avail_idx++);
if (virtio_vdev_has_feature(vdev, VIRTIO_RING_F_EVENT_IDX)) {
vring_set_avail_event(vq, vq->last_avail_idx);