libvhost-user: Support across-memory-boundary access - bwlp/qemu.git - Experimental fork of QEMU with video encoding patches

diff options

author	Yongji Xie	2018-01-18 17:04:05 +0100
committer	Michael S. Tsirkin	2018-02-13 17:25:48 +0100
commit	293084a7196b1d7781b6fe19b24e85eb8b7f4de0 (patch)
tree	9c3adca62a86fca93bb70d452e9193881e366897 /include/hw/virtio/vhost-user-scsi.h
parent	libvhost-user: Fix resource leak (diff)
download	qemu-293084a7196b1d7781b6fe19b24e85eb8b7f4de0.tar.gz qemu-293084a7196b1d7781b6fe19b24e85eb8b7f4de0.tar.xz qemu-293084a7196b1d7781b6fe19b24e85eb8b7f4de0.zip

libvhost-user: Support across-memory-boundary access

The sg list/indirect descriptor table may be contigious in GPA but not in HVA address space. But libvhost-user wasn't aware of that. This would cause out-of-bounds access. Even a malicious guest could use it to get information from the vhost-user backend. Introduce a plen parameter in vu_gpa_to_va() so we can handle this case, returning the actual mapped length. Signed-off-by: Yongji Xie <xieyongji@baidu.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>

Diffstat (limited to 'include/hw/virtio/vhost-user-scsi.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: