From: Amos Kong
Date: Tue, 9 Dec 2014 07:32:50 +0800
Subject: Re: [Qemu-devel] [PATCH 0/4] migration: fix CVE-2014-7840
To: "Michael S. Tsirkin"
Cc: quintela@redhat.com, qemu-devel@nongnu.org, dgilbert@redhat.com
Message-ID: <20141208233249.GA24837@air.redhat.com>
In-Reply-To: <1415785203-26938-1-git-send-email-mst@redhat.com>
References: <1415785203-26938-1-git-send-email-mst@redhat.com>

On Wed, Nov 12, 2014 at 11:44:35AM +0200, Michael S. Tsirkin wrote:
> This patchset fixes CVE-2014-7840: invalid
> migration stream can cause arbitrary qemu memory
> overwrite.
> First patch includes the minimal fix for the issue.
> Follow-up patches on top add extra checking to reduce the
> chance this kind of bug recurs.
>
> Note: these are already (tentatively-pending review)
> queued in my tree, so only review/ack
> is necessary.
>
> Michael S. Tsirkin (4):

Reviewed-by: Amos Kong

>   migration: fix parameter validation on ram load
>   exec: add wrapper for host pointer access
>   cpu: assert host pointer offset within block
>   cpu: verify that block->host is set
>
>  include/exec/cpu-all.h |  7 +++++++
>  arch_init.c            |  5 +++--
>  exec.c                 | 10 +++++-----
>  3 files changed, 15 insertions(+), 7 deletions(-)
>
> --
> MST
>

--
Amos.