qemu-devel

Re: [Qemu-devel] [PULL for-2.9 0/7] cirrus: more blitter security fixes.


From: Peter Maydell
Subject: Re: [Qemu-devel] [PULL for-2.9 0/7] cirrus: more blitter security fixes.
Date: Thu, 16 Mar 2017 17:53:21 +0000

On 16 March 2017 at 09:30, Gerd Hoffmann <address@hidden> wrote:
>   Hi,
>
> Another pile of cirrus blitter fixes, including CVE fixes for known
> issues, so clearly 2.9 material.
>
> Patches 6+7 implement a new approach to blitter memory access sanity
> checking.  We pass around offsets not pointers, and at the place where
> the actual memory access happens we mask the offset to the valid
> range before calculating the pointer.
>
> That should put an end to security holes due to blit_is_unsafe() sanity
> checks failing to calculate some special case correctly, or due to
> blit_is_unsafe() calls missing, and kill any dragons which might still
> be lurking in the code.  In theory this even obsoletes blit_is_unsafe(),
> but I don't feel like ripping it out right away ...
>
> please pull,
>   Gerd
>
> The following changes since commit 1883ff34b540daacae948f493b0ba525edf5f642:
>
>   Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging (2017-03-15 18:44:05 +0000)
>
> are available in the git repository at:
>
>
>   git://git.kraxel.org/qemu tags/pull-cirrus-20170316-1
>
> for you to fetch changes up to ffaf857778286ca54e3804432a2369a279e73aa7:
>
>   cirrus: stop passing around src pointers in the blitter (2017-03-16 08:58:16 +0100)
>
> ----------------------------------------------------------------
> cirrus: blitter fixes.
>

Applied, thanks.

-- PMM
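
The offset-masking approach described for patches 6+7 in the quoted pull request, shown as an added example that is not code from the QEMU tree or from either author. It is a toy blitter in C; `struct toy_vga`, `VRAM_SIZE`, the helper names and the sample request are all assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>
/* Hypothetical toy device: names and sizes are assumptions, not QEMU's. */
#define VRAM_SIZE 4096u            /* power of two, so SIZE - 1 is a mask */
#define VRAM_MASK (VRAM_SIZE - 1u)
struct toy_vga {
    uint8_t vram[VRAM_SIZE];
    uint8_t canary[16];            /* stands in for adjacent host memory */
};

/* The only places an address into vram is formed: mask, then index. */
static uint8_t vram_read(const struct toy_vga *s, uint32_t off)
{
    return s->vram[off & VRAM_MASK];
}
static void vram_write(struct toy_vga *s, uint32_t off, uint8_t val)
{
    s->vram[off & VRAM_MASK] = val;
}

/* Copy w x h bytes. Only uint32_t offsets travel through the blitter. */
static void toy_blit(struct toy_vga *s, uint32_t dst, uint32_t src,
                     int32_t dst_pitch, int32_t src_pitch, uint32_t w, uint32_t h)
{
    for (uint32_t y = 0; y < h; y++) {
        for (uint32_t x = 0; x < w; x++) {
            vram_write(s, dst + x, vram_read(s, src + x));
        }
        dst += (uint32_t)dst_pitch;   /* negative pitch wraps, well defined */
        src += (uint32_t)src_pitch;
    }
}

/* Constructed request running 4 bytes past vram; returns 1 if canary is intact. */
static int demo(struct toy_vga *s)
{
    memset(s, 0, sizeof(*s));
    memset(s->canary, 0x5C, sizeof(s->canary));
    for (uint32_t i = 0; i < 8; i++) s->vram[0x100 + i] = (uint8_t)(i + 1);
    toy_blit(s, VRAM_SIZE - 4, 0x100, 0, 0, 8, 1);
    for (size_t i = 0; i < sizeof(s->canary); i++)
        if (s->canary[i] != 0x5C) return 0;
    return 1;
}
int main(void)
{
    static struct toy_vga s;
    return demo(&s) ? 0 : 1;
}
```

Masking does not reject a bad request; it wraps the access back into the buffer, so a miscalculated rectangle can only touch the device's own video memory even if an earlier sanity check was wrong or missing.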


