From mboxrd@z Thu Jan 1 00:00:00 1970
From: Arnd Bergmann
Subject: Re: [RFC/PATCH 07/15 v3] kvm-s390: interrupt subsystem, cpu timer, waitpsw
Date: Mon, 31 Mar 2008 07:43:57 +0200
Message-ID: <200803310743.58580.arnd@arndb.de>
References: <1206030270.6690.51.camel@cotte.boeblingen.de.ibm.com> <1206458154.6217.12.camel@cotte.boeblingen.de.ibm.com> <1206467246.6507.43.camel@cotte.boeblingen.de.ibm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Cc: EHRHARDT@de.ibm.com, hollisb@us.ibm.com, kvm-devel@lists.sourceforge.net, heiko.carstens@de.ibm.com, jeroney@us.ibm.com, Avi Kivity , virtualization@lists.linux-foundation.org, borntraeger@de.ibm.com, oliver.paukstadt@millenux.com, schwidefsky@de.ibm.com, rvdheij@gmail.com, os@de.ibm.com, jblunck@suse.de, "Zhang, Xiantao"
To: Carsten Otte
In-Reply-To: <1206467246.6507.43.camel@cotte.boeblingen.de.ibm.com>
Content-Disposition: inline
Sender: kvm-devel-bounces@lists.sourceforge.net
Errors-To: kvm-devel-bounces@lists.sourceforge.net
List-Id: kvm.vger.kernel.org

On Tuesday 25 March 2008, Carsten Otte wrote:
> + case KVM_S390_SIGP_SET_PREFIX: > + VCPU_EVENT(vcpu, 4, "interrupt: set prefix to %x", > + inti->prefix.address); > + vcpu->stat.deliver_prefix_signal++; > + vcpu->arch.sie_block->prefix = inti->prefix.address; > + vcpu->arch.sie_block->ihcpu = 0xffff; > + break;

This smells like a security bug. What happens if the guest sets the prefix
to an address outside of its address range?

	Arnd <><
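
Review bot: In the KVM_S390_SIGP_SET_PREFIX case, inti->prefix.address is stored into vcpu->arch.sie_block->prefix with no validation visible in this hunk, so whatever value was queued is trusted at delivery time. Check the address against the guest's memory range before the assignment, or, if the check is meant to happen where the interrupt is queued, add a comment here naming that place, and define what is reported back when the value is rejected. The bare 0xffff written to ihcpu would also read better as a named constant or with a one-line comment stating what it means.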