vtkm_support_csv

分支 (17)

标签 (7)

管理

管理

master

vtkm_support_csv

fix_not_build_vpsp

a8-virt-stream-an

a8.9-virt-stream-an

a23

a23.0

a23.1

a23.2

a7

a8.5-virt-stream-an

a8.4-virt-stream-an

a8.4

a8.2-virt-stream-an

a8.2-virt-stream-plus_scratch

a8.2-virt-stream-plus

develop/jacob-a8-virt-stream-an

qemu-kvm-6.2.0-53.0.1.module+an8.9.0+11290+12638409.2

qemu-kvm-6.2.0-53.0.1.module+an8.9.0+11266+0a594782.2

qemu-kvm-6.2.0-53.0.1.module+an8.9.0+11258+ab71c06c

qemu-kvm-6.2.0-52.0.1.module+an8.9.0+11245+813eb85a

qemu-kvm-6.2.0-50.0.1.module+an8.9.0+11229+46db78d5

qemu-kvm-6.2.0-49.0.1.module+an8.9.0+11216+b6b9383f

qemu-kvm-6.2.0-41.0.1.module+an8.9.0+11168+98c7cfc6.1

qemu-kvm_src-anolis
/
kvm-hw-char-virtio-serial-bus-Protect...

From f4623ea611a74c684b0097b98a803cbe7ffb0825 Mon Sep 17 00:00:00 2001
From: Jon Maloy <jmaloy@redhat.com>
Date: Thu, 18 Jul 2024 09:26:55 -0400
Subject: [PATCH 5/6] hw/char/virtio-serial-bus: Protect from DMA re-entrancy
 bugs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

RH-Author: Jon Maloy <jmaloy@redhat.com>
RH-MergeRequest: 380: QEMU: virtio: DMA reentrancy issue leads to double free vulnerability
RH-Jira: RHEL-32276
RH-Acked-by: Gerd Hoffmann <None>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Commit: [5/6] fc8a445ebf6e763cd1482cd1f7ee23e5b5bbb388 (redhat/rhel/src/qemu-kvm/jons-qemu-kvm-2)

JIRA: https://issues.redhat.com/browse/RHEL-32276
CVE: CVE-2024-3446
Upstream: Merged

commit b4295bff25f7b50de1d9cc94a9c6effd40056bca
Author: Philippe Mathieu-Daudé <philmd@linaro.org>
Date:   Thu Apr 4 20:56:35 2024 +0200

    hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs

    Replace qemu_bh_new_guarded() by virtio_bh_new_guarded()
    so the bus and device use the same guard. Otherwise the
    DMA-reentrancy protection can be bypassed.

    Fixes: CVE-2024-3446
    Cc: qemu-stable@nongnu.org
    Suggested-by: Alexander Bulekov <alxndr@bu.edu>
    Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
    Acked-by: Michael S. Tsirkin <mst@redhat.com>
    Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
    Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
    Message-Id: <20240409105537.18308-4-philmd@linaro.org>

Signed-off-by: Jon Maloy <jmaloy@redhat.com>
---
 hw/char/virtio-serial-bus.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/hw/char/virtio-serial-bus.c b/hw/char/virtio-serial-bus.c
index f18124b155..791b7ac59e 100644
--- a/hw/char/virtio-serial-bus.c
+++ b/hw/char/virtio-serial-bus.c
@@ -985,8 +985,7 @@ static void virtser_port_device_realize(DeviceState *dev, Error **errp)
         return;
     }

-    port->bh = qemu_bh_new_guarded(flush_queued_data_bh, port,
-                                   &dev->mem_reentrancy_guard);
+    port->bh = virtio_bh_new_guarded(dev, flush_queued_data_bh, port);
     port->elem = NULL;
 }

--
2.39.3