Xen 		  
Home About Xen.org Xen Xen Summit Wiki Mailing List Bug Tracker Xen Downloads
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-devel] Re: [Qemu-devel] qemu/pci: Unaligned config read/write overf

from [andrzej zaborowski] [Permanent Link][Original]
To: qemu-devel@xxxxxxxxxx
Subject: [Xen-devel] Re: [Qemu-devel] qemu/pci: Unaligned config read/write overflow
From: "andrzej zaborowski" <balrog@xxxxxxxxx>
Date: Wed, 29 Nov 2006 14:51:24 +0000
Cc: Xen Development Mailing List <xen-devel@xxxxxxxxxxxxxxxxxxx>, Keir Fraser <keir@xxxxxxxxxxxxx>
Delivery-date: Thu, 30 Nov 2006 05:21:41 -0800
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:sender:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=ih02XzCfwdOMRVtb6o1aUZlVRRUhCmAJSRg7NUKp5nfxAaueZRggxWJJNkIThJ+biVgHiK0finy6ZCykSWjXG5VcwFUoPwkeWDwoZL71DAQr4sFw9zq4UGH4SbzZ7gHZdNcfjpNcbrUzp0niOzU+zfx7BKRjUWo/CAozUzIf87Q=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <20061128040441.GA7506@xxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <20061128040441.GA7506@xxxxxxxxxxxxxxxxxxx>
Reply-to: balrogg@xxxxxxxxx
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
Hi,

On 28/11/06, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:

The default config read/write handlers allows a 4-byte read/write at
address 255.  This can clobber the field after the config area.  This
happens to be the PCIBus pointer in the PCIDevice structure.


An easier way to prevent the clobbering is grow PCIDevice::config by
three bytes.

Regards,
Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel] [PATCH] Bugfix: Don't use function pointers to inline functions, Jan Beulich
Next by Date:  [Xen-devel] Xen boot error, Surisetty, Pradeep Kumar
Previous by Thread:  [Xen-devel] qemu/pci: Unaligned config read/write overflow, Herbert Xu
Next by Thread:  [Xen-devel] Related to Xen Terminology, Sameer Ahuja
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , XenSource, Inc. All rights reserved. Note: the xen.org trademark policy
is changing. For information please email legalxen.org, Legal and Privacy