qemu-e2k/hw/i386
Jan Kiszka 7174e54cf1 kvmvapic: Prevent reading beyond the end of guest RAM
rom_state_paddr is guest provided (caller address of outw(VAPIC_PORT) +
writen 16-bit value) and can be influenced to point beyond the end of
the host memory backing the guest's RAM. Make sure we do not use this
pointer to actually read beyond the limits.

Reading arbitrary guest bytes is harmless, the guest kernel has to
manage access to this I/O port anyway.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Gleb Natapov <gleb@redhat.com>
2013-10-04 13:13:16 +03:00
..
kvm kvm: Fix compiler warning (clang) 2013-09-20 20:11:32 +04:00
kvmvapic.c kvmvapic: Prevent reading beyond the end of guest RAM 2013-10-04 13:13:16 +03:00
Makefile.objs pc_sysfw: do not make it a device anymore 2013-08-12 09:31:14 -05:00
multiboot.c multiboot: Calculate upper_mem in the ROM 2013-06-28 14:01:52 -05:00
multiboot.h refer to FWCfgState explicitly 2013-06-02 18:14:02 +03:00
pc_piix.c xen: Enable cpu-hotplug on xenfv machine. 2013-09-25 16:43:12 +00:00
pc_q35.c Merge remote-tracking branch 'sstabellini/xen-2013-09-09' into staging 2013-09-11 14:45:57 -05:00
pc_sysfw.c pc_sysfw: Fix ISA BIOS init for ridiculously big flash 2013-09-12 11:45:32 -05:00
pc.c cpu: Use QTAILQ for CPU list 2013-09-03 12:25:55 +02:00
smbios.c smbios: Factor out smbios_maybe_add_str() 2013-09-28 23:49:39 +03:00
xen_domainbuild.c aio / timers: Switch entire codebase to the new timer API 2013-08-22 19:14:24 +02:00
xen_domainbuild.h hw: move private headers to hw/ subdirectories. 2013-04-08 18:13:16 +02:00
xen_machine_pv.c hw: Clean up bogus default boot order 2013-08-28 10:16:47 +03:00