On Tue, 2 Aug 2022 at 14:53, Thomas Huth <th...@redhat.com> wrote: > > The XHCI code could enter an endless loop in case the guest points > QEMU to fetch TRBs from invalid memory areas. Fix it by properly > checking the return value of dma_memory_read().
It certainly makes sense to check the return value from dma_memory_read(), but how can we end up in an infinite loop if it fails? Either: (1) there is some combination of data values which allow an infinite loop, so we can hit those if the DMA access fails and we use bogus uninitialized data. But then the guest could maliciously pass us those bad values and create an infinite loop without a failing DMA access, ie commit 05f43d44e4b missed a case. If so we need to fix that! Or (2) there isn't actually an infinite loop possible here, and we're just tidying up a case which is C undefined behaviour but in practice unlikely to have effects any worse than the guest could provoke anyway (ie running up to the TRB_LINK_LIMIT and stopping). In this case the commit message here is a bit misleading. thanks -- PMM
