On 15/09/2014 18:40, Andreas Färber wrote: > Hello, > > This series tightens security on incoming data for ivshmem, originally sparked > by SUSE's security team (Sebastian Krahmer). I've combined them and tackled > remaining review feedback. > > Regards, > Andreas > > Changes from Sebastian's #2: > * Rebased onto Stefan's patches > * Dropped g_realloc() check (Stefan) > * Fixed fd leak and appended a patch fixing another one (Stefan) > * Simplified comment (Stefan) > > Changes from Stefan's series: > * Modified to handle partial reads (Peter/Gerd) > * Changed check from > to >= (Peter) > > Cc: Cam Macdonell <c...@cs.ualberta.ca> > Cc: Stefan Hajnoczi <stefa...@redhat.com> > Cc: Michael S. Tsirkin <m...@redhat.com> > Cc: Sebastian Krahmer <krah...@suse.de> > Cc: Peter Maydell <peter.mayd...@linaro.org> > Cc: Gerd Hoffmann <kra...@redhat.com> > Cc: David Marchand <david.march...@6wind.com> > > Andreas Färber (1): > ivshmem: Fix fd leak on error > > Sebastian Krahmer (1): > ivshmem: Fix potential OOB r/w access > > Stefan Hajnoczi (2): > ivshmem: Check ivshmem_read() size argument > ivshmem: validate incoming_posn value from server > > hw/misc/ivshmem.c | 66 > ++++++++++++++++++++++++++++++++++++++++++++++++++----- > 1 file changed, 60 insertions(+), 6 deletions(-) >
These seem to have falled on the floor, and they're a dependency for Andrew's error_report cleanup, so I picked them up. Paolo
