Hello, This series tightens security on incoming data for ivshmem, originally sparked by SUSE's security team (Sebastian Krahmer). I've combined them and tackled remaining review feedback.
Regards, Andreas Changes from Sebastian's #2: * Rebased onto Stefan's patches * Dropped g_realloc() check (Stefan) * Fixed fd leak and appended a patch fixing another one (Stefan) * Simplified comment (Stefan) Changes from Stefan's series: * Modified to handle partial reads (Peter/Gerd) * Changed check from > to >= (Peter) Cc: Cam Macdonell <c...@cs.ualberta.ca> Cc: Stefan Hajnoczi <stefa...@redhat.com> Cc: Michael S. Tsirkin <m...@redhat.com> Cc: Sebastian Krahmer <krah...@suse.de> Cc: Peter Maydell <peter.mayd...@linaro.org> Cc: Gerd Hoffmann <kra...@redhat.com> Cc: David Marchand <david.march...@6wind.com> Andreas Färber (1): ivshmem: Fix fd leak on error Sebastian Krahmer (1): ivshmem: Fix potential OOB r/w access Stefan Hajnoczi (2): ivshmem: Check ivshmem_read() size argument ivshmem: validate incoming_posn value from server hw/misc/ivshmem.c | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 60 insertions(+), 6 deletions(-) -- 1.8.4.5
