On Thu, 2013-03-21 at 18:28 +0200, Michael S. Tsirkin wrote:
> On Thu, Mar 21, 2013 at 04:23:48PM +, Ben Hutchings wrote:
> > On Thu, 2013-03-21 at 08:02 +0200, Michael S. Tsirkin wrote:
> > > On Sun, Mar 17, 2013 at 02:29:55PM -0400, David Miller wrote:
> > > > From: "Michael S. Tsirkin"
> >
On Thu, Mar 21, 2013 at 04:23:48PM +, Ben Hutchings wrote:
> On Thu, 2013-03-21 at 08:02 +0200, Michael S. Tsirkin wrote:
> > On Sun, Mar 17, 2013 at 02:29:55PM -0400, David Miller wrote:
> > > From: "Michael S. Tsirkin"
> > > Date: Sun, 17 Mar 2013 14:46:09 +0200
> > >
> > > > ubuf info
On Thu, 2013-03-21 at 08:02 +0200, Michael S. Tsirkin wrote:
> On Sun, Mar 17, 2013 at 02:29:55PM -0400, David Miller wrote:
> > From: "Michael S. Tsirkin"
> > Date: Sun, 17 Mar 2013 14:46:09 +0200
> >
> > > ubuf info allocator uses guest controlled head as an index,
> > > so a malicious guest
On Sun, Mar 17, 2013 at 02:29:55PM -0400, David Miller wrote:
> From: "Michael S. Tsirkin"
> Date: Sun, 17 Mar 2013 14:46:09 +0200
>
> > ubuf info allocator uses guest controlled head as an index,
> > so a malicious guest could put the same head entry in the ring twice,
> > and we will get two
On Sun, Mar 17, 2013 at 02:29:55PM -0400, David Miller wrote:
From: Michael S. Tsirkin m...@redhat.com
Date: Sun, 17 Mar 2013 14:46:09 +0200
ubuf info allocator uses guest controlled head as an index,
so a malicious guest could put the same head entry in the ring twice,
and we will get
On Thu, 2013-03-21 at 08:02 +0200, Michael S. Tsirkin wrote:
On Sun, Mar 17, 2013 at 02:29:55PM -0400, David Miller wrote:
From: Michael S. Tsirkin m...@redhat.com
Date: Sun, 17 Mar 2013 14:46:09 +0200
ubuf info allocator uses guest controlled head as an index,
so a malicious guest
On Thu, Mar 21, 2013 at 04:23:48PM +, Ben Hutchings wrote:
On Thu, 2013-03-21 at 08:02 +0200, Michael S. Tsirkin wrote:
On Sun, Mar 17, 2013 at 02:29:55PM -0400, David Miller wrote:
From: Michael S. Tsirkin m...@redhat.com
Date: Sun, 17 Mar 2013 14:46:09 +0200
ubuf info
On Thu, 2013-03-21 at 18:28 +0200, Michael S. Tsirkin wrote:
On Thu, Mar 21, 2013 at 04:23:48PM +, Ben Hutchings wrote:
On Thu, 2013-03-21 at 08:02 +0200, Michael S. Tsirkin wrote:
On Sun, Mar 17, 2013 at 02:29:55PM -0400, David Miller wrote:
From: Michael S. Tsirkin m...@redhat.com
On Sun, Mar 17, 2013 at 02:29:55PM -0400, David Miller wrote:
> From: "Michael S. Tsirkin"
> Date: Sun, 17 Mar 2013 14:46:09 +0200
>
> > ubuf info allocator uses guest controlled head as an index,
> > so a malicious guest could put the same head entry in the ring twice,
> > and we will get two
From: "Michael S. Tsirkin"
Date: Sun, 17 Mar 2013 14:46:09 +0200
> ubuf info allocator uses guest controlled head as an index,
> so a malicious guest could put the same head entry in the ring twice,
> and we will get two callbacks on the same value.
> To fix use upend_idx which is guaranteed to
ubuf info allocator uses guest controlled head as an index,
so a malicious guest could put the same head entry in the ring twice,
and we will get two callbacks on the same value.
To fix use upend_idx which is guaranteed to be unique.
Reported-by: Rusty Russell
Signed-off-by: Michael S. Tsirkin
ubuf info allocator uses guest controlled head as an index,
so a malicious guest could put the same head entry in the ring twice,
and we will get two callbacks on the same value.
To fix use upend_idx which is guaranteed to be unique.
Reported-by: Rusty Russell ru...@rustcorp.com.au
Signed-off-by:
From: Michael S. Tsirkin m...@redhat.com
Date: Sun, 17 Mar 2013 14:46:09 +0200
ubuf info allocator uses guest controlled head as an index,
so a malicious guest could put the same head entry in the ring twice,
and we will get two callbacks on the same value.
To fix use upend_idx which is
On Sun, Mar 17, 2013 at 02:29:55PM -0400, David Miller wrote:
From: Michael S. Tsirkin m...@redhat.com
Date: Sun, 17 Mar 2013 14:46:09 +0200
ubuf info allocator uses guest controlled head as an index,
so a malicious guest could put the same head entry in the ring twice,
and we will get
14 matches
Mail list logo