[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] 284f19: hw/rdma: Fix possible mremap overflow
From: |
Peter Maydell |
Subject: |
[Qemu-commits] [qemu/qemu] 284f19: hw/rdma: Fix possible mremap overflow in the pvrdm... |
Date: |
Mon, 05 Jul 2021 04:45:25 -0700 |
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: 284f191b4abad213aed04cb0458e1600fd18d7c4
https://github.com/qemu/qemu/commit/284f191b4abad213aed04cb0458e1600fd18d7c4
Author: Marcel Apfelbaum <marcel@redhat.com>
Date: 2021-07-04 (Sun, 04 Jul 2021)
Changed paths:
M hw/rdma/vmw/pvrdma_cmd.c
Log Message:
-----------
hw/rdma: Fix possible mremap overflow in the pvrdma device (CVE-2021-3582)
Ensure mremap boundaries not trusting the guest kernel to
pass the correct buffer length.
Fixes: CVE-2021-3582
Reported-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Tested-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Message-Id: <20210616110600.20889-1-marcel.apfelbaum@gmail.com>
Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Commit: 32e5703cfea07c91e6e84bcb0313f633bb146534
https://github.com/qemu/qemu/commit/32e5703cfea07c91e6e84bcb0313f633bb146534
Author: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Date: 2021-07-04 (Sun, 04 Jul 2021)
Changed paths:
M hw/rdma/vmw/pvrdma_main.c
Log Message:
-----------
pvrdma: Ensure correct input on ring init (CVE-2021-3607)
Check the guest passed a non zero page count
for pvrdma device ring buffers.
Fixes: CVE-2021-3607
Reported-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Reviewed-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Message-Id: <20210630114634.2168872-1-marcel@redhat.com>
Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Commit: 66ae37d8cc313f89272e711174a846a229bcdbd3
https://github.com/qemu/qemu/commit/66ae37d8cc313f89272e711174a846a229bcdbd3
Author: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Date: 2021-07-04 (Sun, 04 Jul 2021)
Changed paths:
M hw/rdma/vmw/pvrdma_dev_ring.c
Log Message:
-----------
pvrdma: Fix the ring init error flow (CVE-2021-3608)
Do not unmap uninitialized dma addresses.
Fixes: CVE-2021-3608
Reviewed-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Tested-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Message-Id: <20210630115246.2178219-1-marcel@redhat.com>
Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Commit: 4fb2820854a796ab75ffb2ec896b67268281ecde
https://github.com/qemu/qemu/commit/4fb2820854a796ab75ffb2ec896b67268281ecde
Author: Peter Maydell <peter.maydell@linaro.org>
Date: 2021-07-05 (Mon, 05 Jul 2021)
Changed paths:
M hw/rdma/vmw/pvrdma_cmd.c
M hw/rdma/vmw/pvrdma_dev_ring.c
M hw/rdma/vmw/pvrdma_main.c
Log Message:
-----------
Merge remote-tracking branch 'remotes/marcel/tags/pvrdma-04-07-2021-v2' into
staging
PVRDMA queue
Several CVE fixes for the PVRDMA device.
# gpg: Signature made Sun 04 Jul 2021 20:56:05 BST
# gpg: using RSA key 36D4C0F0CF2FE46D
# gpg: Good signature from "Marcel Apfelbaum <marcel.apfelbaum@zoho.com>"
[marginal]
# gpg: aka "Marcel Apfelbaum <marcel@redhat.com>" [marginal]
# gpg: aka "Marcel Apfelbaum <marcel.apfelbaum@gmail.com>"
[marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: B1C6 3A57 F92E 08F2 640F 31F5 36D4 C0F0 CF2F E46D
* remotes/marcel/tags/pvrdma-04-07-2021-v2:
pvrdma: Fix the ring init error flow (CVE-2021-3608)
pvrdma: Ensure correct input on ring init (CVE-2021-3607)
hw/rdma: Fix possible mremap overflow in the pvrdma device (CVE-2021-3582)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Compare: https://github.com/qemu/qemu/compare/711c0418c8c1...4fb2820854a7