
Revision f8bb0565

IDf8bb056564ed719b2fa5e05028bc70aeb0cc5c6c

Added by Igor Mammedov about 11 years ago

target-i386: kvm: prevent buffer overflow if -cpu foo, [x]level is too big

Stack corruption may occur if too big 'level' or 'xlevel' values are passed
on the command line with KVM enabled, due to the limited size of cpuid_data
in kvm_arch_init_vcpu().

reproduces with:
qemu -enable-kvm -cpu qemu64,level=4294967295
or
qemu -enable-kvm -cpu qemu64,xlevel=4294967295

Check if there is space in cpuid_data before passing it to cpu_x86_cpuid(),
or abort() if there is no space.

Reviewed-by: Laszlo Ersek <>
Reviewed-by: Andreas Faerber <>
Signed-off-by: Igor Mammedov <>
Signed-off-by: Gleb Natapov <>
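The fix described in the commit message, as an added illustrative model rather than QEMU's own code: a fixed-size cpuid_data buffer on the stack is filled with one entry per CPUID leaf for leaves 0..level and 0x80000000..xlevel, so a huge level or xlevel asks for more entries than the buffer holds. The sizes, struct layout, the fake_cpuid() stand-in for cpu_x86_cpuid() and the helper names below are assumptions made for this example. The bounds check sits inside the fill loop, before each write, because with level=4294967295 the loop condition i <= level never becomes false (i would wrap), so the per-write check is what actually stops the walk. The example returns -1 where the real fix calls abort(), so the overflow cases can be exercised without terminating the process.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed sizes and layout for this example, modelled loosely on the
 * cpuid_data local in kvm_arch_init_vcpu(); not QEMU's definitions. */
#define MAX_CPUID_ENTRIES 80

struct cpuid_entry {
    uint32_t function;
    uint32_t eax, ebx, ecx, edx;
};

struct cpuid_data {
    uint32_t nent;                               /* entries filled so far */
    struct cpuid_entry entries[MAX_CPUID_ENTRIES];
};

/* Constructed stand-in for cpu_x86_cpuid(): deterministic fake values. */
static void fake_cpuid(uint32_t function, struct cpuid_entry *e)
{
    e->function = function;
    e->eax = function ^ 0xA5A5A5A5u;
    e->ebx = e->ecx = e->edx = 0;
}

/* Walk leaves first..last inclusive, appending one entry per leaf.
 * Returns the new total entry count, or -1 if the next write would run
 * off the end of d->entries (the point at which the QEMU fix aborts).
 * The check must precede every write: with last == UINT32_MAX the loop
 * condition never fails on its own, so only this check ends the walk. */
static int fill_leaves(struct cpuid_data *d, uint32_t first, uint32_t last)
{
    uint32_t i;
    for (i = first; i <= last; i++) {
        if (d->nent == MAX_CPUID_ENTRIES) {
            fprintf(stderr, "unsupported level value: 0x%x\n", last);
            return -1;
        }
        fake_cpuid(i, &d->entries[d->nent++]);
    }
    return (int)d->nent;
}

/* Model of the two passes in kvm_arch_init_vcpu(): basic leaves up to
 * 'level', then extended leaves from 0x80000000 up to 'xlevel', sharing
 * one buffer and one counter.  Returns the total entry count or -1. */
static int build_cpuid_data(struct cpuid_data *d, uint32_t level, uint32_t xlevel)
{
    d->nent = 0;
    if (fill_leaves(d, 0, level) < 0) {
        return -1;
    }
    /* If xlevel < 0x80000000 the extended loop simply does not run. */
    return fill_leaves(d, 0x80000000u, xlevel);
}

/* Convenience wrapper with its own buffer, used by the checks below. */
static int cpuid_entry_count(uint32_t level, uint32_t xlevel)
{
    struct cpuid_data d;
    return build_cpuid_data(&d, level, xlevel);
}

int main(void)
{
    /* The two reproducer cases from the commit message, plus a sane one. */
    printf("level=4, xlevel=0x80000008: %d entries\n",
           cpuid_entry_count(4, 0x80000008u));
    printf("level=4294967295: %d (rejected)\n",
           cpuid_entry_count(4294967295u, 0x80000008u));
    printf("xlevel=4294967295: %d (rejected)\n",
           cpuid_entry_count(4, 4294967295u));
    return 0;
}
```

Without the in-loop check, the same walk would keep writing past entries[MAX_CPUID_ENTRIES-1] into whatever follows cpuid_data on the stack, which is the corruption the commit message describes; checking the value of level or xlevel once before the loop would also work, but only if the check is expressed in terms of the buffer capacity rather than an arbitrary cut-off, which is why the fix tests remaining space at the write site.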
