[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] usb: xHCI: add check to limit command TRB proce
P J P
Re: [Qemu-devel] [PATCH] usb: xHCI: add check to limit command TRB processing
Fri, 7 Oct 2016 17:10:14 +0530 (IST)
+-- On Fri, 7 Oct 2016, Gerd Hoffmann wrote --+
| I think it is better to apply the limit to link trbs only (which allow
| to jump to another address so the guest can build loops with it). Also
| I think the limit can be much stricter then without breaking stuff as
| typically a link trb is used at the end of a page full of normal trbs,
| to jump to the next page with trbs.
| both xhci_ring_fetch and xhci_ring_chain_length, so we should fix both.
| Is there a reproducer? If so, can you try the attached patch with it?
Yes, the attached patch does fix this issue.
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F