From: Gerd Hoffmann
Subject: Re: [Qemu-devel] [PATCH] Ignore pci unplug requests for unpluggable devices (CVE-2011-1751)
Date: Thu, 19 May 2011 13:12:58 +0200
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.17) Gecko/20110419 Red Hat/3.1.10-1.el6_0 Thunderbird/3.1.10
Hi,
diff --git a/hw/acpi_piix4.c b/hw/acpi_piix4.c index 96f5222..6c908ff 100644 --- a/hw/acpi_piix4.c +++ b/hw/acpi_piix4.c @@ -471,11 +471,13 @@ static void pciej_write(void *opaque, uint32_t addr, uint32_t val) BusState *bus = opaque; DeviceState *qdev, *next; PCIDevice *dev; + PCIDeviceInfo *info; int slot = ffs(val) - 1; QLIST_FOREACH_SAFE(qdev,&bus->children, sibling, next) { dev = DO_UPCAST(PCIDevice, qdev, qdev); - if (PCI_SLOT(dev->devfn) == slot) { + info = container_of(qdev->info, PCIDeviceInfo, qdev); + if (PCI_SLOT(dev->devfn) == slot&& !info->no_hotplug) { qdev_free(qdev); } }Looks good, but what about pcie_cap_slot_hotplug()?
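Review bot: the `!info->no_hotplug` condition added to the `QLIST_FOREACH_SAFE` loop in `pciej_write()` drops the eject request for a non-hotpluggable device without a comment or trace, so a one-line comment stating that `val` is written by the guest and must never lead to `qdev_free()` on such a device would make the intent clear to later readers. The check also lives only in this one eject handler; any other path that can end in freeing a PCI device on a guest request needs the same `no_hotplug` test, which is the point behind the question about `pcie_cap_slot_hotplug()`. Minor style point: `slot&& !info->no_hotplug` is missing a space before `&&`.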
Dunno, didn't look at q35 yet. I'd expect the root bus isn't hot-pluggable, so the guest wouldn't be able to rip out any essential chipset devices. But having someone more familiar with pcie + q35 double-check would be good ...
cheers, Gerd