From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1NLOvc-000428-Ds for qemu-devel@nongnu.org; Thu, 17 Dec 2009 17:34:36 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1NLOvW-0003sk-V4 for qemu-devel@nongnu.org; Thu, 17 Dec 2009 17:34:34 -0500
Received: from [199.232.76.173] (port=34737 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1NLOvV-0003sX-Vw for qemu-devel@nongnu.org; Thu, 17 Dec 2009 17:34:30 -0500
Received: from mail-yx0-f188.google.com ([209.85.210.188]:55929) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1NLOvV-0006IC-MC for qemu-devel@nongnu.org; Thu, 17 Dec 2009 17:34:29 -0500
Received: by yxe26 with SMTP id 26so2477933yxe.4 for ; Thu, 17 Dec 2009 14:34:29 -0800 (PST)
Message-ID: <4B2AB1F2.3060507@codemonkey.ws>
Date: Thu, 17 Dec 2009 16:34:26 -0600
From: Anthony Liguori
MIME-Version: 1.0
References:
In-Reply-To:
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Qemu-devel] Re: [PATCH to consider for 0.12] vmware_vga: Don't crash on too-big DEFINE_CURSOR command
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
To: Roland Dreier
Cc: Dave Airlie , qemu-devel@nongnu.org

Hi Roland,

Roland Dreier wrote:
> Hi Anthony -- just sent this patch to qemu-devel (although I don't see
> it in archives yet). Anyway I realize it is really really late given
> your release timeframe but I think the risk of this is pretty minimal, and
> the patch fixes a crash in a pretty reasonable config (running a modern
> Linux distro with the fastest guest video adapter). So please consider
> this for 0.12.
>
> Another possibility would be to just take the part of the patch that
> bumps the array size in the structure, since that seems to have
> essentially 0 risk and fixes the crash in the case I've seen.
>
Thanks for the patch.
I'm planning on giving Dave Airlie's series a try for 0.12.0. I'm pretty comfortable with those patches (since a few of them are mine :-)). I also don't think vmware-vga is going to be reliable without them so I don't think pulling in the one fix is good enough.

His last patch has the same fix without the printf(). The printf is probably something to avoid since a malicious guest could create a storm of them. Since libvirt logs stderr by default, the result could be pretty nasty.

Regards,

Anthony Liguori
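The thread touches two hardening points for a guest-driven command handler: a cursor definition larger than the fixed array it is copied into must be rejected rather than allowed to overrun, and a diagnostic on a guest-triggerable path must not be a per-event printf() that a guest can turn into a stderr flood. The following is an added example written for this page, not QEMU's vmware_vga code and not the patch under discussion: a hypothetical "define cursor" handler in C whose 64x64 / 32 bpp limits, struct layout, command format and function names (define_cursor, cursor_geometry_ok, note_rejected) are assumptions chosen for illustration.

```c
/* Added example, NOT QEMU's vmware_vga code: a hypothetical "define cursor"
 * handler. Limits, struct layout and command format are assumed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed device limits: a 64x64 cursor at up to 32 bpp. The fixed arrays
 * are sized from these limits, never from what the guest sends. */
#define CURSOR_MAX_W       64u
#define CURSOR_MAX_H       64u
#define CURSOR_MAX_BPP     32u
#define CURSOR_MASK_WORDS  ((CURSOR_MAX_W * CURSOR_MAX_H) / 32u)                   /* 128 */
#define CURSOR_IMAGE_WORDS ((CURSOR_MAX_W * CURSOR_MAX_H * CURSOR_MAX_BPP) / 32u)  /* 4096 */

struct cursor_def {
    uint32_t width, height, bpp;
    uint32_t mask[CURSOR_MASK_WORDS];    /* 1 bit per pixel */
    uint32_t image[CURSOR_IMAGE_WORDS];  /* bpp bits per pixel */
};

/* A guest command as pulled from the FIFO: geometry, then mask words, then
 * image words. Every field is under guest control. */
struct define_cursor_cmd {
    uint32_t width, height, bpp;
    const uint32_t *payload;
    size_t payload_words;
};

/* Guest-triggerable diagnostics are counted and printed at most once: a
 * per-event printf() would let a guest flood stderr, which libvirt logs. */
static unsigned long cursor_cmds_rejected;

static void note_rejected(const char *why)
{
    if (cursor_cmds_rejected++ == 0)
        fprintf(stderr, "cursor: rejected guest command (%s); later rejections only counted\n", why);
}

unsigned long cursor_rejections(void) { return cursor_cmds_rejected; }

static size_t words_for_bits(unsigned long bits) { return (bits + 31) / 32; }

/* Bound w, h and bpp first and only then derive the word counts, so the
 * products cannot overflow and cannot exceed the array sizes. */
static bool cursor_geometry_ok(uint32_t w, uint32_t h, uint32_t bpp,
                               size_t *mask_words, size_t *image_words)
{
    if (w == 0 || h == 0 || w > CURSOR_MAX_W || h > CURSOR_MAX_H) return false;
    if (bpp != 1 && bpp != 8 && bpp != 16 && bpp != 32) return false;
    *mask_words = words_for_bits((unsigned long)w * h);
    *image_words = words_for_bits((unsigned long)w * h * bpp);
    return true;
}

/* Returns 0 and fills *out, or -1 and leaves *out untouched. Nothing is
 * copied until both the geometry and the payload length have been checked. */
int define_cursor(struct cursor_def *out, const struct define_cursor_cmd *cmd)
{
    size_t mask_words, image_words;
    if (!cursor_geometry_ok(cmd->width, cmd->height, cmd->bpp, &mask_words, &image_words)) {
        note_rejected("geometry out of range");
        return -1;
    }
    if (cmd->payload_words < mask_words + image_words) {
        note_rejected("payload shorter than geometry implies");
        return -1;
    }
    memset(out, 0, sizeof *out);
    out->width = cmd->width; out->height = cmd->height; out->bpp = cmd->bpp;
    memcpy(out->mask, cmd->payload, mask_words * sizeof(uint32_t));
    memcpy(out->image, cmd->payload + mask_words, image_words * sizeof(uint32_t));
    return 0;
}

/* Constructed sample input for the demos below (not captured from a real guest). */
static uint32_t sample_payload[CURSOR_MASK_WORDS + CURSOR_IMAGE_WORDS];
static struct cursor_def sample_def;

/* The largest legal cursor is accepted and lands exactly in the arrays. */
int demo_max_cursor(void)
{
    struct define_cursor_cmd cmd = { 64, 64, 32, sample_payload, CURSOR_MASK_WORDS + CURSOR_IMAGE_WORDS };
    sample_payload[0] = 0xAAAAAAAAu;                 /* first mask word */
    sample_payload[CURSOR_MASK_WORDS] = 0x00FF00FFu; /* first image word */
    if (define_cursor(&sample_def, &cmd) != 0) return -1;
    return (sample_def.mask[0] == 0xAAAAAAAAu && sample_def.image[0] == 0x00FF00FFu) ? 0 : -2;
}

/* A storm of too-big cursors plus one truncated payload: each is rejected
 * before any copy, and only the first rejection reaches stderr. */
unsigned long demo_rejected_storm(void)
{
    struct define_cursor_cmd big = { 128, 64, 32, sample_payload, CURSOR_MASK_WORDS + CURSOR_IMAGE_WORDS };
    struct define_cursor_cmd shrt = { 64, 64, 32, sample_payload, 10 };
    unsigned long n = 0;
    for (int i = 0; i < 1000; i++)
        if (define_cursor(&sample_def, &big) == -1) n++;
    if (define_cursor(&sample_def, &shrt) == -1) n++;
    return n;
}
```

Calling demo_max_cursor() then demo_rejected_storm() shows the two behaviours together: the 64x64x32 cursor fills the arrays to their last word without exceeding them, while 1001 hostile commands produce 1001 rejections, one stderr line and no copy. The design point is that the array bound comes from a compile-time limit checked before any size arithmetic, so bumping the array size alone (as the quoted message suggests) only helps if the handler also refuses geometry beyond it.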