Re: [Qemu-devel] [PATCH] vga: stop passing pointers to vga_draw_line* fu

From: Eric Blake
Subject: Re: [Qemu-devel] [PATCH] vga: stop passing pointers to vga_draw_line* functions
Date: Thu, 24 Aug 2017 11:30:18 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1

On 08/24/2017 04:19 AM, Gerd Hoffmann wrote:
> Instead pass around the address (aka offset into vga memory).
> Add vga_read_* helper functions which apply vbe_size_mask to
> the address, to make sure the address stays within the valid
> range, similar to the cirrus blitter fixes (commits ffaf857778
> and 026aeffcb4).
> Impact:  DoS for privileged guest users.  qemu crashes with
> a segfault, when hitting the guard page after vga memory
> allocation, while reading vga memory for display updates.
> Fixes: CVE-2017-xxxx

Do we have the actual number? Are we trying to get this in 2.10-rc4, or
is it merely 2.11 + qemu-stable (2.10.1) material?

> Cc: P J P <address@hidden>
> Reported-by: David Buchanan <address@hidden>
> Signed-off-by: Gerd Hoffmann <address@hidden>
> ---
>  hw/display/vga-helpers.h | 202 ++++++++++++++++++++++++++---------------------
>  hw/display/vga_int.h     |   1 +
>  hw/display/vga.c         |   5 +-
>  3 files changed, 114 insertions(+), 94 deletions(-)

Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature
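
The masked reads described in the quoted commit message, sketched as an added example; this is not the QEMU patch and not part of the message above. Only `vbe_size_mask` and the `vga_read_*` naming come from the commit message; `struct vga_model`, `vga_model_init`, `draw_line8` and the 16-byte buffer are hypothetical stand-ins, and the renderer takes an offset into video memory instead of a host pointer.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not QEMU's VGACommonState: only vbe_size_mask and the
 * vga_read_* naming come from the commit message, the rest is assumed. */
struct vga_model {
    uint8_t *vram;
    uint32_t vbe_size_mask;   /* size - 1, size must be a power of two */
};

static int vga_model_init(struct vga_model *s, uint8_t *buf, uint32_t size)
{
    if (size < 4 || (size & (size - 1)) != 0)
        return -1;            /* a mask only bounds power-of-two sizes */
    for (uint32_t i = 0; i < size; i++)
        buf[i] = (uint8_t)i;  /* constructed pattern: value == offset */
    s->vram = buf;
    s->vbe_size_mask = size - 1;
    return 0;
}

static inline uint8_t vga_read_byte(const struct vga_model *s, uint32_t addr)
{
    return s->vram[addr & s->vbe_size_mask];
}

static inline uint32_t vga_read_dword_le(const struct vga_model *s, uint32_t addr)
{
    uint32_t off = addr & s->vbe_size_mask & ~3u;  /* aligned: stays inside */
    return s->vram[off] | (uint32_t)s->vram[off + 1] << 8 |
           (uint32_t)s->vram[off + 2] << 16 | (uint32_t)s->vram[off + 3] << 24;
}

static void draw_line8(const struct vga_model *s, uint8_t *d, uint32_t addr, int w)
{
    for (int x = 0; x < w; x++)
        d[x] = vga_read_byte(s, addr + (uint32_t)x);
}

int main(void)
{
    uint8_t vram[16], line[4];
    struct vga_model s;
    if (vga_model_init(&s, vram, sizeof vram) != 0)
        return 1;
    draw_line8(&s, line, 14, 4);  /* start offset near the end of vram */
    printf("%u %u %u %u\n", line[0], line[1], line[2], line[3]);
    return 0;
}
```

A line that starts two bytes before the end of the buffer wraps to offset 0 instead of reading past the allocation, so a bad guest-supplied start address produces wrong pixels rather than a host-side out-of-bounds read.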
