+-- On Wed, 3 Jun 2020, Philippe Mathieu-Daudé wrote --+
| > -} else {
| > +} else if (s->regs.mm_index > MM_DATA + 3) {
| > val = ati_mm_read(s, s->regs.mm_index + addr - MM_DATA, size);
|
| We usually log unexpected guest accesses with:
|
|} else {
|
On Thu, Jun 04, 2020 at 12:25:22AM +0530, P J P wrote:
> From: Prasad J Pandit
>
> While accessing VGA registers via ati_mm_read/write routines,
> a guest may set 's->regs.mm_index' such that it leads to infinite
> recursion. Check mm_index value to avoid it.
So this is a denial of service secur
On Thu, 4 Jun 2020, P J P wrote:
From: Prasad J Pandit
While accessing VGA registers via ati_mm_read/write routines,
a guest may set 's->regs.mm_index' such that it leads to infinite
recursion. Check mm_index value to avoid it.
Reported-by: Ren Ding
Reported-by: Hanqing Zhao
Reported-by: Yi
On 6/3/20 8:55 PM, P J P wrote:
> From: Prasad J Pandit
>
> While accessing VGA registers via ati_mm_read/write routines,
> a guest may set 's->regs.mm_index' such that it leads to infinite
> recursion. Check mm_index value to avoid it.
>
> Reported-by: Ren Ding
> Reported-by: Hanqing Zhao
> R
From: Prasad J Pandit
While accessing VGA registers via ati_mm_read/write routines,
a guest may set 's->regs.mm_index' such that it leads to infinite
recursion. Check mm_index value to avoid it.
Reported-by: Ren Ding
Reported-by: Hanqing Zhao
Reported-by: Yi Ren
Signed-off-by: Prasad J Pandit
