From: "Philippe Mathieu-Daudé" <philmd@redhat.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: QEMU Developers <qemu-devel@nongnu.org>,
Paolo Bonzini <pbonzini@redhat.com>,
Prasad J Pandit <ppandit@redhat.com>,
Gerd Hoffmann <kraxel@redhat.com>,
"Michael S. Tsirkin" <mst@redhat.com>
Subject: Re: [Qemu-devel] [PATCH 0/1] display/bochs: fix pcie support (qemu security issue)
Date: Mon, 12 Aug 2019 16:15:06 +0200 [thread overview]
Message-ID: <bdd475d0-c6be-027d-759a-a1e330cc3190@redhat.com> (raw)
In-Reply-To: <CAFEAcA-3bFuy2DDG8=-_Y3JO4HWpCW80EcsGWWN8toxiMpafBA@mail.gmail.com>
On 8/12/19 3:39 PM, Peter Maydell wrote:
> On Mon, 12 Aug 2019 at 13:51, Philippe Mathieu-Daudé <philmd@redhat.com> wrote:
>>
>> On 8/12/19 2:45 PM, Paolo Bonzini wrote:
>>> On 12/08/19 08:52, Gerd Hoffmann wrote:
>>>> Just found while investigating
>>>> https://bugzilla.redhat.com/show_bug.cgi?id=1707118
>>>>
>>>> Found PCIe extended config space filled with random crap due to
>>>> allocation being too small (conventional pci config space only).
>>>>
>>
>> Can you amend this information to the commit description?
>>
>> <...
>>
>>>> PCI(e) config space is guest writable. Writes are limited by
>>>> write mask (which probably is also filled with random stuff),
>>>
>>> Yes, it is also allocated with 256 bytes only.
>>>
>>>> so the guest can only flip enabled bits. But I suspect it
>>>> still might be exploitable, so rather serious because it might
>>>> be a host escape for the guest. On the other hand the device
>>>> is probably not yet in widespread use.
>>
>> ...>
>
> I can add to the commit this paragraph of the cover letter,
> and I think also the 'mitigation' note might as well go in.
Yes.
>
> I've also put the cc:stable into the commit message.
>
> Updated commit, ready to apply to master if we're OK with it:
>
> https://git.linaro.org/people/peter.maydell/qemu-arm.git/commit/?h=staging&id=c075b5f318a8be628ab8edf93be33f5a93a4aacd
Thank you!
>
> thanks
> -- PMM
>
next prev parent reply other threads:[~2019-08-12 14:15 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-12 6:52 [Qemu-devel] [PATCH 0/1] display/bochs: fix pcie support (qemu security issue) Gerd Hoffmann
2019-08-12 6:52 ` [Qemu-devel] [PATCH 1/1] display/bochs: fix pcie support Gerd Hoffmann
2019-08-12 12:59 ` Alex Williamson
2019-08-12 12:45 ` [Qemu-devel] [PATCH 0/1] display/bochs: fix pcie support (qemu security issue) Paolo Bonzini
2019-08-12 12:51 ` Philippe Mathieu-Daudé
2019-08-12 13:39 ` Peter Maydell
2019-08-12 14:15 ` Philippe Mathieu-Daudé [this message]
2019-08-12 15:35 ` Alex Williamson
2019-08-12 15:38 ` Peter Maydell
2019-08-12 15:48 ` Alex Williamson
2019-08-12 16:34 ` Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bdd475d0-c6be-027d-759a-a1e330cc3190@redhat.com \
--to=philmd@redhat.com \
--cc=kraxel@redhat.com \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=ppandit@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).