On 11/11/2019 11:15 AM, Stefan Hajnoczi wrote:
On Thu, Oct 24, 2019 at 05:09:28AM -0400, Jagannathan Raman wrote:
@@ -93,7 +94,8 @@ static void process_config_write(MPQemuMsg *msg)
struct conf_data_msg *conf = (struct conf_data_msg *)msg->data2;
qemu_mutex_lock_iothread();
- pci_default_write_config(remote_pci_dev, conf->addr, conf->val, conf->l);
+ pci_default_write_config(remote_pci_devs[msg->id], conf->addr, conf->val,
+ conf->l);
qemu_mutex_unlock_iothread();
}
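Review bot: msg->id arrives from the socket and is used directly as an index into remote_pci_devs[] on the two `+` lines, with no bounds check, so a malicious or buggy peer can pick an out-of-range slot and have pci_default_write_config() dereference whatever pointer sits there. Reject the message before taking the iothread lock unless `msg->id` is below the number of registered devices and `remote_pci_devs[msg->id]` is non-NULL. conf->addr and conf->l come from the same untrusted msg->data2 and are passed through unchanged; check that addr + l fits inside the device's config space here rather than relying on the callee.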
@@ -106,7 +108,8 @@ static void process_config_read(MPQemuMsg *msg)
wait = msg->fds[0];
qemu_mutex_lock_iothread();
- val = pci_default_read_config(remote_pci_dev, conf->addr, conf->l);
+ val = pci_default_read_config(remote_pci_devs[msg->id], conf->addr,
+ conf->l);
qemu_mutex_unlock_iothread();
notify_proxy(wait, val);
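Review bot: same unvalidated `msg->id` index into remote_pci_devs[] as in process_config_write(); rather than repeating the check in each handler, look the device up through one shared helper that returns NULL for an out-of-range or empty slot, so the two paths cannot drift. This hunk also passes conf->addr and conf->l straight to pci_default_read_config(), and `wait = msg->fds[0]` assumes a descriptor was actually received with the message. When validation fails, the handler still needs to answer on `wait` (or report an error) since the proxy side appears to block on that fd in notify_proxy().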
msg->id was read from a socket and hasn't been validated before indexing
into remote_pci_devs[].
We see the common thread w.r.t. your concerns about security. Thanks for
pointing them out.
We will fix this and other similar issues in the future.
Thank you very much!
--
Jag
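The review point above (an index and a config-space range taken from a socket message and used without validation) in working form, as an added example that is not QEMU's code and not part of the original thread. The types MPQemuMsg, conf_data_msg, remote_pci_devs, MAX_REMOTE_DEVS and write_config are simplified stand-ins chosen here to mirror the names in the hunks; the real QEMU definitions differ, and the message built by make_write_msg is constructed test input.

```c
/* Added example, not QEMU code: validate an untrusted message before
 * indexing a device table and touching PCI config space.  All types and
 * sizes below are assumptions made for the example. */
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <string.h>

#define PCI_CONFIG_SPACE_SIZE 256   /* conventional PCI config space */
#define MAX_REMOTE_DEVS 4           /* assumed size of the device table */

/* Mirrors the conf_data_msg fields used in the patch (assumed layout). */
struct conf_data_msg {
    uint32_t addr;
    uint32_t val;
    int l;
};

/* Minimal stand-in for the message read from the socket. */
typedef struct {
    unsigned id;                               /* attacker-controlled index */
    uint8_t data2[sizeof(struct conf_data_msg)];
} MPQemuMsg;

typedef struct {
    uint8_t config[PCI_CONFIG_SPACE_SIZE];
} PCIDevice;

/* Two registered devices, two empty slots. */
static PCIDevice devs[MAX_REMOTE_DEVS];
static PCIDevice *remote_pci_devs[MAX_REMOTE_DEVS] = {
    &devs[0], &devs[1], NULL, NULL
};

/* Stand-in for pci_default_write_config(): little-endian byte store,
 * assumes the caller already validated addr and l. */
static void write_config(PCIDevice *d, uint32_t addr, uint32_t val, int l)
{
    for (int i = 0; i < l; i++, val >>= 8)
        d->config[addr + i] = (uint8_t)val;
}

/* Shared lookup: NULL for an out-of-range id or an empty slot. */
static PCIDevice *lookup_remote_dev(unsigned id)
{
    if (id >= MAX_REMOTE_DEVS)
        return NULL;
    return remote_pci_devs[id];
}

/* Hardened handler.  Returns false and modifies nothing when the message
 * fails validation: id must select a registered device, l must be a
 * legal access width, and addr + l must stay inside config space (the
 * subtraction form cannot wrap, unlike addr + l on a large addr). */
bool process_config_write_checked(const MPQemuMsg *msg)
{
    struct conf_data_msg conf;
    memcpy(&conf, msg->data2, sizeof(conf));

    PCIDevice *dev = lookup_remote_dev(msg->id);
    if (dev == NULL)
        return false;
    if (conf.l != 1 && conf.l != 2 && conf.l != 4)
        return false;
    if (conf.addr >= PCI_CONFIG_SPACE_SIZE ||
        (uint32_t)conf.l > PCI_CONFIG_SPACE_SIZE - conf.addr)
        return false;

    write_config(dev, conf.addr, conf.val, conf.l);
    return true;
}

/* Read back one byte of a registered device's config space (for checks). */
uint8_t remote_config_byte(unsigned id, uint32_t addr)
{
    return remote_pci_devs[id]->config[addr];
}

/* Build a message the way a peer on the socket would (constructed input). */
MPQemuMsg make_write_msg(unsigned id, uint32_t addr, uint32_t val, int l)
{
    MPQemuMsg msg;
    struct conf_data_msg conf = { addr, val, l };
    memset(&msg, 0, sizeof(msg));
    msg.id = id;
    memcpy(msg.data2, &conf, sizeof(conf));
    return msg;
}
```

The order of checks matters: the id is validated before the table is read at all, and the width is validated before it is used in the range arithmetic, so no untrusted value is ever used as an index or length before it has been accepted.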