Date: Wed, 12 Oct 2016 11:52:59 +0200
From: Jiri Pirko
Message-ID: <20161012095259.GA1847@nanopsycho>
References: <1476263455-24839-1-git-send-email-ppandit@redhat.com>
In-Reply-To: <1476263455-24839-1-git-send-email-ppandit@redhat.com>
Subject: Re: [Qemu-devel] [PATCH] net: rocker: set limit to DMA buffer size
To: P J P
Cc: Qemu Developers, Jason Wang, Huawei PSIRT, Prasad J Pandit

Wed, Oct 12, 2016 at 11:10:55AM CEST, ppandit@redhat.com wrote:
>From: Prasad J Pandit
>
>Rocker network switch emulator has test registers to help debug
>DMA operations. While testing host DMA access, a buffer address
>is written to register 'TEST_DMA_ADDR' and its size is written to
>register 'TEST_DMA_SIZE'. When performing TEST_DMA_CTRL_INVERT
>test, if DMA buffer size was greater than 'INT_MAX', it leads to
>an invalid buffer access. Limit the DMA buffer size to avoid it.
>
>Reported-by: Huawei PSIRT
>Signed-off-by: Prasad J Pandit

Reviewed-by: Jiri Pirko
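
The bug class described in the quoted commit message, as an added example that is not part of the mail and not QEMU's code: a guest-controlled size register is bounded when written and checked again before the invert loop runs. The struct, the function names, the flat `mem` array standing in for guest memory and the 0xFFFF cap are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap for this sketch; the mail does not state the limit the patch uses. */
#define TEST_DMA_MAX_SIZE 0xFFFFu

struct test_regs {        /* constructed stand-in for the test registers */
    uint64_t dma_addr;    /* models TEST_DMA_ADDR (offset into mem below) */
    uint32_t dma_size;    /* models TEST_DMA_SIZE, fully guest-controlled */
};

/* Before: the guest's value is stored as-is, so sizes above INT_MAX get in. */
void write_size_unchecked(struct test_regs *r, uint32_t val) { r->dma_size = val; }

/* After: bound the value where it enters device state. */
void write_size_limited(struct test_regs *r, uint32_t val)
{
    r->dma_size = val > TEST_DMA_MAX_SIZE ? TEST_DMA_MAX_SIZE : val;
}

/* Invert test over mem[dma_addr, dma_addr + dma_size); 0 on success, -1 if refused. */
int test_dma_invert(const struct test_regs *r, uint8_t *mem, size_t mem_len)
{
    if (r->dma_size > TEST_DMA_MAX_SIZE)        /* re-check at the point of use */
        return -1;
    if (r->dma_addr > mem_len || r->dma_size > mem_len - r->dma_addr)
        return -1;                              /* range must lie inside mem */
    if (r->dma_size == 0)
        return 0;
    uint8_t *buf = malloc(r->dma_size);
    if (buf == NULL)
        return -1;
    memcpy(buf, mem + r->dma_addr, r->dma_size);
    for (size_t i = 0; i < r->dma_size; i++)    /* unsigned index, never negative */
        buf[i] = (uint8_t)~buf[i];
    memcpy(mem + r->dma_addr, buf, r->dma_size);
    free(buf);
    return 0;
}

int main(void)
{
    uint8_t mem[8] = {0x00, 0xFF, 0x0F, 0xF0, 1, 2, 3, 4};  /* constructed guest memory */
    struct test_regs r = {0, 0};
    write_size_unchecked(&r, 0x80000000u);      /* INT_MAX + 1 for a 32-bit int */
    printf("oversized request: %d\n", test_dma_invert(&r, mem, sizeof mem));
    write_size_limited(&r, 4);
    int rc = test_dma_invert(&r, mem, sizeof mem);
    printf("bounded request: %d, mem[0]=0x%02X\n", rc, mem[0]);
    return 0;
}
```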