|
| From: | Richard Henderson |
| Subject: | Re: [Qemu-devel] [PATCH] tcg/i386: Check the size of instruction being translated |
| Date: | Fri, 24 Mar 2017 07:13:41 +1000 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 |
On 03/24/2017 03:58 AM, Pranith Kumar wrote:
Sending again since I messed by pbonzini's email. This fixes the bug: 'user-to-root privesc inside VM via bad translation caching' reported by Jann Horn here: https://bugs.chromium.org/p/project-zero/issues/detail?id=1122 CC: Richard Henderson <address@hidden> CC: Peter Maydell <address@hidden> CC: Paolo Bonzini <address@hidden> Reported-by: Jann Horn <address@hidden> Signed-off-by: Pranith Kumar <address@hidden> --- target/i386/translate.c | 7 +++++++ 1 file changed, 7 insertions(+)
Reviewed-by: Richard Henderson <address@hidden> r~
| [Prev in Thread] | Current Thread | [Next in Thread] |