On Mon, 2011-09-26 at 22:45 +0300, Pekka Enberg wrote: > On Mon, Sep 26, 2011 at 10:37 PM, Sasha Levin <levinsasha928@xxxxxxxxx> wrote: > >> Interesting. This is a theoretical issue, correct? > >> Not a crash you actually see. > > > > Actually it was an actual crash caused when our virtio-net driver in kvm > > tools did funny things and passed '(u32)-1' length as a buffer length to > > the guest kernel. > > I'm not sure what Michael means with "theoretical issue" here. Can the guest > driver assume that the hypervisor doesn't attempt to do nasty things? afaik if the hypervisor can access the vcpus and the memory of the guest, this shouldn't be a security issue - more of a bug prevention issue. I guess it'll be interesting the other way around, when it's the guest that passes this buggy information to the hypervisor. -- Sasha. -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
