Re: [Qemu-devel] [PATCH uq/master] kvmvapic: Prevent reading beyond the end of guest RAM

On Mon, Sep 30, 2013 at 12:35:13PM +0200, Jan Kiszka wrote: > rom_state_paddr is guest provided (caller address of outw(VAPIC_PORT) + > writen 16-bit value) and can be influenced to point beyond the end of > the host memory backing the guest's RAM. Make sure we do not use this > pointer to actually

Re: [Qemu-devel] [PATCH uq/master] kvmvapic: Prevent reading beyond the end of guest RAM

On Mon, Sep 30, 2013 at 12:35:13PM +0200, Jan Kiszka wrote: > rom_state_paddr is guest provided (caller address of outw(VAPIC_PORT) + > writen 16-bit value) and can be influenced to point beyond the end of > the host memory backing the guest's RAM. Make sure we do not use this > pointer to actually

[Qemu-devel] [PATCH uq/master] kvmvapic: Prevent reading beyond the end of guest RAM

rom_state_paddr is guest provided (caller address of outw(VAPIC_PORT) + writen 16-bit value) and can be influenced to point beyond the end of the host memory backing the guest's RAM. Make sure we do not use this pointer to actually read beyond the limits. Reading arbitrary guest bytes is harmless,