On 8/12/19 3:39 PM, Peter Maydell wrote: > On Mon, 12 Aug 2019 at 13:51, Philippe Mathieu-Daudé <phi...@redhat.com> > wrote: >> >> On 8/12/19 2:45 PM, Paolo Bonzini wrote: >>> On 12/08/19 08:52, Gerd Hoffmann wrote: >>>> Just found while investigating >>>> https://bugzilla.redhat.com/show_bug.cgi?id=1707118 >>>> >>>> Found PCIe extended config space filled with random crap due to >>>> allocation being too small (conventional pci config space only). >>>> >> >> Can you amend this information to the commit description? >> >> <... >> >>>> PCI(e) config space is guest writable. Writes are limited by >>>> write mask (which probably is also filled with random stuff), >>> >>> Yes, it is also allocated with 256 bytes only. >>> >>>> so the guest can only flip enabled bits. But I suspect it >>>> still might be exploitable, so rather serious because it might >>>> be a host escape for the guest. On the other hand the device >>>> is probably not yet in widespread use. >> >> ...> > > I can add to the commit this paragraph of the cover letter, > and I think also the 'mitigation' note might as well go in.
Yes. > > I've also put the cc:stable into the commit message. > > Updated commit, ready to apply to master if we're OK with it: > > https://git.linaro.org/people/peter.maydell/qemu-arm.git/commit/?h=staging&id=c075b5f318a8be628ab8edf93be33f5a93a4aacd Thank you! > > thanks > -- PMM >
