On Wed, 3 Jun 2020, Gerd Hoffmann wrote:
> On Wed, Jun 03, 2020 at 06:17:32PM +0530, P J P wrote:
>> From: Prasad J Pandit <p...@fedoraproject.org>
>>
>> While accessing VGA registers via ati_mm_read/write routines,
>> a guest may set 's->regs.mm_index' such that it leads to infinite
>> recursion.
>
> Lovely.
>
>> Increment the mm_index value to avoid it.
>
> Hmm, why modify mm_index? Shouldn't we just check it is non-zero
> before calling ati_mm_read/ati_mm_write?

I haven't found any mention in any docs that say MM_INDEX should auto
increment so unless this is proven to do that on real hardware I also
think forbidding indexed access to index registers should be enough.
Regards,
BALATON Zoltan
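
Added example, not part of this thread and not QEMU's code: a toy index/data register pair showing why an unguarded indexed read can recurse without end, next to a variant that forbids indexed access to the index registers. The register offsets, the `Dev` struct, `MAX_DEPTH` and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model only: offsets and names are assumed, not taken from QEMU. */
enum { REG_MM_INDEX = 0x00, REG_MM_DATA = 0x04, REG_SCRATCH = 0x10, REG_SPACE = 0x20 };
#define MAX_DEPTH 64 /* stand-in for stack exhaustion so the demo terminates */
typedef struct { uint32_t mm_index; uint32_t regs[REG_SPACE / 4]; int depth_hit; } Dev;

/* Unguarded: a read of MM_DATA forwards to whatever mm_index names,
 * including MM_DATA itself, so the guest-controlled index can loop forever. */
static uint32_t read_unguarded(Dev *d, uint32_t addr, int depth)
{
    if (depth >= MAX_DEPTH) { d->depth_hit = 1; return 0; }
    addr &= ~3u;
    if (addr == REG_MM_INDEX) return d->mm_index;
    if (addr == REG_MM_DATA) return read_unguarded(d, d->mm_index, depth + 1);
    return addr < REG_SPACE ? d->regs[addr / 4] : 0;
}

/* Guarded: indexed access that lands on the index/data pair is refused,
 * and the index value itself is never modified. */
static uint32_t read_guarded(Dev *d, uint32_t addr)
{
    addr &= ~3u;
    if (addr == REG_MM_INDEX) return d->mm_index;
    if (addr == REG_MM_DATA) {
        uint32_t idx = d->mm_index & ~3u;
        if (idx == REG_MM_INDEX || idx == REG_MM_DATA) return 0; /* forbidden */
        return idx < REG_SPACE ? d->regs[idx / 4] : 0;
    }
    return addr < REG_SPACE ? d->regs[addr / 4] : 0;
}

/* Returns 1 if the unguarded path ran into the depth limit for this index. */
static int unguarded_hits_limit(uint32_t index)
{
    Dev d = { .mm_index = index };
    read_unguarded(&d, REG_MM_DATA, 0);
    return d.depth_hit;
}

/* Reads MM_DATA through the guarded path with a constructed scratch value. */
static uint32_t guarded_read_via_index(uint32_t index)
{
    Dev d = { .mm_index = index };
    d.regs[REG_SCRATCH / 4] = 0xabcd1234u; /* constructed sample value */
    return read_guarded(&d, REG_MM_DATA);
}

int main(void)
{
    printf("unguarded self-index hits limit: %d\n", unguarded_hits_limit(REG_MM_DATA));
    printf("guarded self-index reads: 0x%x\n", (unsigned)guarded_read_via_index(REG_MM_DATA));
    return 0;
}
```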