+-- On Thu, 8 Aug 2019, Paolo Bonzini wrote --+
| I suppose this one also blocks the monitor, but then "kill -9" is always
| your friend. :)
True. :)
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
+-- On Thu, 8 Aug 2019, Philippe Mathieu-Daudé wrote --+
| From user-mode? As unprivileged user?
No, needs privileges inside guest.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
On 08/08/19 11:48, P J P wrote:
> +-- On Thu, 8 Aug 2019, Paolo Bonzini wrote --+
> | I am not sure this is worth a CVE.
>
> True, it is a low one, as QEMU consumes cycles on the host.
A guest that runs an infinite loop would be an easier way to do that. I
suppose this one also blocks the
On 8/8/19 11:48 AM, P J P wrote:
> +-- On Thu, 8 Aug 2019, Paolo Bonzini wrote --+
> | I am not sure this is worth a CVE.
>
> True, it is a low one, as QEMU consumes cycles on the host.
>
> | The kernel can cause QEMU to break, but is there a practical case in which
> | an unprivileged user
+-- On Thu, 8 Aug 2019, Paolo Bonzini wrote --+
| I am not sure this is worth a CVE.
True, it is a low one, as QEMU consumes cycles on the host.
| The kernel can cause QEMU to break, but is there a practical case in which
| an unprivileged user can do that?
QEMU does not break, it keeps
+-- On Thu, 8 Aug 2019, Stefano Garzarella wrote --+
| > +if (++insn_processed > 1) {
| ^
| Since we are using this "magic" number in several lines,
| should we define a macro?
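Review bot: the bound in `+if (++insn_processed > 1) {` is a bare literal, and as quoted here it reads 1 although the commit message describes exiting after 10k empty opcodes. Define the limit once as a named constant, use it at every comparison, and check that its value matches the commit message.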
Sent patch v2. Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF
On 08/08/19 08:33, P J P wrote:
> From: Prasad J Pandit
>
> When executing script in lsi_execute_script(), the LSI scsi
> adapter emulator advances 's->dsp' index to read next opcode.
> This can lead to an infinite loop if the next opcode is empty.
> Exit such loop after reading 10k empty
On Thu, Aug 08, 2019 at 12:03:40PM +0530, P J P wrote:
> From: Prasad J Pandit
>
> When executing script in lsi_execute_script(), the LSI scsi
> adapter emulator advances 's->dsp' index to read next opcode.
> This can lead to an infinite loop if the next opcode is empty.
> Exit such loop after
From: Prasad J Pandit
When executing script in lsi_execute_script(), the LSI scsi
adapter emulator advances 's->dsp' index to read next opcode.
This can lead to an infinite loop if the next opcode is empty.
Exit such loop after reading 10k empty opcodes.
Reported-by: Bugs SysSec
Signed-off-by:
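
Added example, not part of the original message and not QEMU's code: a small C model of the bounded fetch loop the commit message describes. Only 'dsp', the empty-opcode condition and the 10k limit come from the message; model_dev, fetch, run_script, demo, the 4-byte step, the wrap-around memory and the sample opcode value are assumptions of the model.

```c
#include <stdint.h>
#include <stdio.h>

#define MODEL_MAX_INSN  10000u  /* the 10k budget named in the commit message */
#define MODEL_MEM_WORDS 64u     /* constructed guest memory, in 32-bit words */

enum stop_reason { STOP_OPCODE, STOP_BUDGET };
struct model_dev {              /* hypothetical stand-in for the device state */
    uint32_t dsp;               /* script pointer: byte offset into mem */
    uint32_t mem[MODEL_MEM_WORDS];
};
struct run_result { enum stop_reason why; uint32_t fetched; };

/* Assumed model: fetches wrap around memory and never fail, so a run of
 * empty (zero) opcodes gives the fetch loop no natural end. */
static uint32_t fetch(const struct model_dev *d)
{
    return d->mem[(d->dsp / 4) % MODEL_MEM_WORDS];
}

/* Skip empty opcodes until a non-empty one is found or the budget is spent. */
struct run_result run_script(struct model_dev *d)
{
    uint32_t insn_processed = 0;
    for (;;) {
        if (++insn_processed > MODEL_MAX_INSN)
            return (struct run_result){ STOP_BUDGET, insn_processed - 1 };
        if (fetch(d) != 0)
            return (struct run_result){ STOP_OPCODE, insn_processed };
        d->dsp += 4;            /* empty opcode: advance to the next word */
    }
}

/* Constructed input: word index opcode_at holds a non-empty opcode;
 * a negative index leaves the whole memory empty. */
struct run_result demo(int opcode_at)
{
    struct model_dev d = { 0 };
    if (opcode_at >= 0)
        d.mem[(uint32_t)opcode_at % MODEL_MEM_WORDS] = 1u;
    return run_script(&d);
}

int main(void)
{
    printf("all empty: why=%d fetched=%u\n", demo(-1).why, (unsigned)demo(-1).fetched);
    printf("opcode at word 5: why=%d fetched=%u\n", demo(5).why, (unsigned)demo(5).fetched);
    return 0;
}
```

Without the budget check, the all-empty case in this model never returns, which is the host-side CPU consumption discussed in the thread.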