qemu-commits

[Qemu-commits] [qemu/qemu] 284f19: hw/rdma: Fix possible mremap overflow


From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] 284f19: hw/rdma: Fix possible mremap overflow in the pvrdm...
Date: Mon, 05 Jul 2021 04:45:25 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 284f191b4abad213aed04cb0458e1600fd18d7c4
      
https://github.com/qemu/qemu/commit/284f191b4abad213aed04cb0458e1600fd18d7c4
  Author: Marcel Apfelbaum <marcel@redhat.com>
  Date:   2021-07-04 (Sun, 04 Jul 2021)

  Changed paths:
    M hw/rdma/vmw/pvrdma_cmd.c

  Log Message:
  -----------
  hw/rdma: Fix possible mremap overflow in the pvrdma device (CVE-2021-3582)

Ensure mremap boundaries not trusting the guest kernel to
pass the correct buffer length.

Fixes: CVE-2021-3582
Reported-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Tested-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Message-Id: <20210616110600.20889-1-marcel.apfelbaum@gmail.com>
Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>


  Commit: 32e5703cfea07c91e6e84bcb0313f633bb146534
      
https://github.com/qemu/qemu/commit/32e5703cfea07c91e6e84bcb0313f633bb146534
  Author: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
  Date:   2021-07-04 (Sun, 04 Jul 2021)

  Changed paths:
    M hw/rdma/vmw/pvrdma_main.c

  Log Message:
  -----------
  pvrdma: Ensure correct input on ring init (CVE-2021-3607)

Check the guest passed a non zero page count
for pvrdma device ring buffers.

Fixes: CVE-2021-3607
Reported-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Reviewed-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Message-Id: <20210630114634.2168872-1-marcel@redhat.com>
Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>


  Commit: 66ae37d8cc313f89272e711174a846a229bcdbd3
      
https://github.com/qemu/qemu/commit/66ae37d8cc313f89272e711174a846a229bcdbd3
  Author: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
  Date:   2021-07-04 (Sun, 04 Jul 2021)

  Changed paths:
    M hw/rdma/vmw/pvrdma_dev_ring.c

  Log Message:
  -----------
  pvrdma: Fix the ring init error flow (CVE-2021-3608)

Do not unmap uninitialized dma addresses.

Fixes: CVE-2021-3608
Reviewed-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Tested-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Message-Id: <20210630115246.2178219-1-marcel@redhat.com>
Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>


  Commit: 4fb2820854a796ab75ffb2ec896b67268281ecde
      
https://github.com/qemu/qemu/commit/4fb2820854a796ab75ffb2ec896b67268281ecde
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2021-07-05 (Mon, 05 Jul 2021)

  Changed paths:
    M hw/rdma/vmw/pvrdma_cmd.c
    M hw/rdma/vmw/pvrdma_dev_ring.c
    M hw/rdma/vmw/pvrdma_main.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/marcel/tags/pvrdma-04-07-2021-v2' into staging

PVRDMA queue

Several CVE fixes for the PVRDMA device.

# gpg: Signature made Sun 04 Jul 2021 20:56:05 BST
# gpg:                using RSA key 36D4C0F0CF2FE46D
# gpg: Good signature from "Marcel Apfelbaum <marcel.apfelbaum@zoho.com>" [marginal]
# gpg:                 aka "Marcel Apfelbaum <marcel@redhat.com>" [marginal]
# gpg:                 aka "Marcel Apfelbaum <marcel.apfelbaum@gmail.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: B1C6 3A57 F92E 08F2 640F  31F5 36D4 C0F0 CF2F E46D

* remotes/marcel/tags/pvrdma-04-07-2021-v2:
  pvrdma: Fix the ring init error flow (CVE-2021-3608)
  pvrdma: Ensure correct input on ring init (CVE-2021-3607)
  hw/rdma: Fix possible mremap overflow in the pvrdma device (CVE-2021-3582)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


Compare: https://github.com/qemu/qemu/compare/711c0418c8c1...4fb2820854a7


