Re: [PATCH] ati-vga: increment mm_index in ati_mm_read/write

2020-06-03 Thread P J P
+-- On Wed, 3 Jun 2020, BALATON Zoltan wrote --+
| or even > MM_DATA + 3 may be best as that only refers to defines used in
| that case. So maybe
|
| + } else if (s->regs.mm_index > MM_DATA + 3) {
| > ati_mm_write(s, s->regs.mm_index + addr - MM_DATA, data, size);
| > }
| >
| > and do the

Re: [PATCH] ati-vga: increment mm_index in ati_mm_read/write

2020-06-03 Thread BALATON Zoltan
On Wed, 3 Jun 2020, BALATON Zoltan wrote:
On Wed, 3 Jun 2020, P J P wrote:
+-- On Wed, 3 Jun 2020, Gerd Hoffmann wrote --+
| Hmm, why modify mm_index? Shouldn't we just check it is non-zero
| before calling ati_mm_read/ati_mm_write?

if (s->regs.mm_index & BIT(31)) {
    ...
} else {

Re: [PATCH] ati-vga: increment mm_index in ati_mm_read/write

2020-06-03 Thread BALATON Zoltan
On Wed, 3 Jun 2020, P J P wrote:
+-- On Wed, 3 Jun 2020, Gerd Hoffmann wrote --+
| Hmm, why modify mm_index? Shouldn't we just check it is non-zero
| before calling ati_mm_read/ati_mm_write?

if (s->regs.mm_index & BIT(31)) {
    ...
} else {
    ati_mm_write(s, s->regs.mm_index + addr -

Re: [PATCH] ati-vga: increment mm_index in ati_mm_read/write

2020-06-03 Thread Gerd Hoffmann
On Wed, Jun 03, 2020 at 08:05:50PM +0530, P J P wrote:
> +-- On Wed, 3 Jun 2020, Gerd Hoffmann wrote --+
> | Hmm, why modify mm_index? Shouldn't we just check it is non-zero
> | before calling ati_mm_read/ati_mm_write?
>
> if (s->regs.mm_index & BIT(31)) {
>     ...
> } else {

} else if

Re: [PATCH] ati-vga: increment mm_index in ati_mm_read/write

2020-06-03 Thread P J P
+-- On Wed, 3 Jun 2020, Gerd Hoffmann wrote --+
| Hmm, why modify mm_index? Shouldn't we just check it is non-zero
| before calling ati_mm_read/ati_mm_write?

if (s->regs.mm_index & BIT(31)) {
    ...
} else {
    ati_mm_write(s, s->regs.mm_index + addr - MM_DATA, data, size);
}

Exit

Re: [PATCH] ati-vga: increment mm_index in ati_mm_read/write

2020-06-03 Thread BALATON Zoltan
On Wed, 3 Jun 2020, Gerd Hoffmann wrote:
On Wed, Jun 03, 2020 at 06:17:32PM +0530, P J P wrote:
From: Prasad J Pandit

While accessing VGA registers via ati_mm_read/write routines,
a guest may set 's->regs.mm_index' such that it leads to infinite
recursion.

Lovely.

Increment the mm_index

Re: [PATCH] ati-vga: increment mm_index in ati_mm_read/write

2020-06-03 Thread Gerd Hoffmann
On Wed, Jun 03, 2020 at 06:17:32PM +0530, P J P wrote:
> From: Prasad J Pandit
>
> While accessing VGA registers via ati_mm_read/write routines,
> a guest may set 's->regs.mm_index' such that it leads to infinite
> recursion.

Lovely.

> Increment the mm_index value to avoid it.

Hmm, why modify

[PATCH] ati-vga: increment mm_index in ati_mm_read/write

2020-06-03 Thread P J P
From: Prasad J Pandit

While accessing VGA registers via ati_mm_read/write routines,
a guest may set 's->regs.mm_index' such that it leads to infinite
recursion. Increment the mm_index value to avoid it.

Reported-by: Ren Ding
Reported-by: Hanqing Zhao
Reported-by: Yi Ren
Signed-off-by: Prasad