From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:35420) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aMXiz-0007zW-Dy for qemu-devel@nongnu.org; Fri, 22 Jan 2016 04:09:46 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aMXiw-0002VK-7Q for qemu-devel@nongnu.org; Fri, 22 Jan 2016 04:09:45 -0500 Received: from mx1.redhat.com ([209.132.183.28]:55679) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aMXiw-0002Ud-2h for qemu-devel@nongnu.org; Fri, 22 Jan 2016 04:09:42 -0500 References: <1453209440-16455-1-git-send-email-lersek@redhat.com> <56A19D63.1000204@redhat.com> <56A1C819.7080506@msgid.tls.msk.ru> <56A1C91C.1080808@redhat.com> From: Laszlo Ersek Message-ID: <56A1F1D1.6000607@redhat.com> Date: Fri, 22 Jan 2016 10:09:37 +0100 MIME-Version: 1.0 In-Reply-To: <56A1C91C.1080808@redhat.com> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit Subject: Re: [Qemu-devel] [PATCH] e1000: eliminate infinite loops on out-of-bounds transfer start List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Jason Wang , Michael Tokarev , qemu-devel@nongnu.org Cc: Prasad Pandit , Stefano Stabellini , Petr Matousek , Michael Roth , "Michael S. Tsirkin" On 01/22/16 07:15, Jason Wang wrote: > > > On 01/22/2016 02:11 PM, Michael Tokarev wrote: >> 22.01.2016 06:09, Jason Wang wrote: >>> On 01/19/2016 09:17 PM, Laszlo Ersek wrote: >>>> The start_xmit() and e1000_receive_iov() functions implement DMA transfers >>>> iterating over a set of descriptors that the guest's e1000 driver >>>> prepares: >> ... >>> Applied in my -net. >> This is CVE-2016-1981, btw. >> >> /mjt >> > > Add this into commit log. Thanks guys! Laszlo