From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:47682)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1aIba4-0004oM-Ec
	for qemu-devel@nongnu.org; Mon, 11 Jan 2016 07:28:17 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1aIba0-0003Ef-Fh
	for qemu-devel@nongnu.org; Mon, 11 Jan 2016 07:28:16 -0500
Received: from mail-wm0-x244.google.com ([2a00:1450:400c:c09::244]:34540)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1aIba0-0003Eb-9M
	for qemu-devel@nongnu.org; Mon, 11 Jan 2016 07:28:12 -0500
Received: by mail-wm0-x244.google.com with SMTP id b14so26092265wmb.1
	for <qemu-devel@nongnu.org>; Mon, 11 Jan 2016 04:28:12 -0800 (PST)
Sender: Paolo Bonzini <paolo.bonzini@gmail.com>
References: <1452060985-25843-1-git-send-email-ppandit@redhat.com>
	<alpine.LFD.2.20.1601111248240.17226@wniryva>
From: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <56939FD6.2040002@redhat.com>
Date: Mon, 11 Jan 2016 13:28:06 +0100
MIME-Version: 1.0
In-Reply-To: <alpine.LFD.2.20.1601111248240.17226@wniryva>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH v2 for v2.3.0] fw_cfg: add check to
 validate current entry value
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: P J P <ppandit@redhat.com>, Stefan Weil <sw@weilnetz.de>
Cc: Peter Maydell <peter.maydell@linaro.org>, Qemu devel <qemu-devel@nongnu.org>, Donghai Zdh <donghai.zdh@alibaba-inc.com>



On 11/01/2016 08:23, P J P wrote:
>   Hello,
> 
> +-- On Wed, 6 Jan 2016, P J P wrote --+
> | When processing firmware configurations, an OOB r/w access occurs
> | if 's->cur_entry' is set to be invalid(FW_CFG_INVALID=0xffff).
> | Add a check to validate 's->cur_entry' to avoid such access.
> | 
> | Reported-by: Donghai Zdh <donghai.zdh@alibaba-inc.com>
> | Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
> | ---
> |  hw/nvram/fw_cfg.c | 12 ++++++++----
> |  1 file changed, 8 insertions(+), 4 deletions(-)
> | 
> | Updated as per review in
> |   -> https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00398.html
> 
> 
>   -> https://patchwork.ozlabs.org/patch/563706/
> 
> Ping...! Does it look okay? (just checking)

Yes, it looks good.

Paolo