[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [Qemu-block] [PATCH 0/2] AHCI: avoid mapping stale gues
|
From: |
Stefan Hajnoczi |
|
Subject: |
Re: [Qemu-devel] [Qemu-block] [PATCH 0/2] AHCI: avoid mapping stale guest memory |
|
Date: |
Thu, 12 Mar 2015 13:47:12 +0000 |
|
User-agent: |
Mutt/1.5.23 (2014-03-12) |
On Tue, Mar 10, 2015 at 05:29:02PM -0400, John Snow wrote:
> Currently, the AHCI device tries to re-map guest memory every time
> the low or high address registers are written to, whether or not the
> AHCI device is currently active. If the other register has stale
> information in it, this may lead to runtime failures.
>
> Reconfigure the AHCI device to ignore writes to these registers while
> the device is active, and otherwise postpone the dma memory map until
> the device becomes active.
>
> John Snow (2):
> AHCI: Do not (re)map FB/CLB buffers while not running
> AHCI: Protect cmd register
>
> hw/ide/ahci.c | 61
> ++++++++++++++++++++++++++++++++++++++++++++---------------
> hw/ide/ahci.h | 2 ++
> 2 files changed, 48 insertions(+), 15 deletions(-)
hw/ide/ahci.c: In function ‘ahci_state_post_load’:
hw/ide/ahci.c:1396:23: error: unused variable ‘pr’ [-Werror=unused-variable]
AHCIPortRegs *pr = &ad->port_regs;
What happens if a malicious/buggy guest provides a bogus address? It
looks like the code still sets the "on" bit in the cmd register because
it doesn't check whether the mapped pointer is non-NULL.
pgp6xQ0zxk6S7.pgp
Description: PGP signature