diff options
author | Gerd Hoffmann <kraxel@redhat.com> | 2011-04-27 11:05:34 +0200 |
---|---|---|
committer | Doug Goldstein <cardoe@cardoe.com> | 2011-05-27 13:35:04 -0500 |
commit | 1c87d782190845a8c23640ce1e03d7f903a22ca0 (patch) | |
tree | 4d3da18a42a97670487d8c45d7583307d7fb60ac | |
parent | Merge commit 'v0.14.1' into stable-0.14 (diff) | |
download | qemu-kvm-0.14.1-gentoo-1.tar.gz qemu-kvm-0.14.1-gentoo-1.tar.bz2 qemu-kvm-0.14.1-gentoo-1.zip |
Ignore pci unplug requests for unpluggable devices (CVE-2011-1751)qemu-kvm-0.14.1-gentoo-1
This patch makes qemu ignore unplug requests from the guest for pci
devices which are tagged as non-hotpluggable. Trouble spot is the
piix4 chipset with the ISA bridge. Requests to unplug that one will
make it go away together with all ISA bus devices, which are not
prepared to be unplugged and thus don't cleanup, leaving active
qemu timers behind in free'ed memory.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-rw-r--r-- | hw/acpi_piix4.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/hw/acpi_piix4.c b/hw/acpi_piix4.c index dde8646c7..aec4d3cd8 100644 --- a/hw/acpi_piix4.c +++ b/hw/acpi_piix4.c @@ -605,11 +605,13 @@ static void pciej_write(void *opaque, uint32_t addr, uint32_t val) BusState *bus = opaque; DeviceState *qdev, *next; PCIDevice *dev; + PCIDeviceInfo *info; int slot = ffs(val) - 1; QLIST_FOREACH_SAFE(qdev, &bus->children, sibling, next) { dev = DO_UPCAST(PCIDevice, qdev, qdev); - if (PCI_SLOT(dev->devfn) == slot) { + info = container_of(qdev->info, PCIDeviceInfo, qdev); + if (PCI_SLOT(dev->devfn) == slot && !info->no_hotplug) { qdev_free(qdev); } } |