qemu-commits

[Qemu-commits] [qemu/qemu] 080832: ebpf: only include in system emulator


From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] 080832: ebpf: only include in system emulators
Date: Mon, 20 Sep 2021 10:31:23 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 080832e4f4801a28bd1170c49e61f6a0f5f05d03
      
https://github.com/qemu/qemu/commit/080832e4f4801a28bd1170c49e61f6a0f5f05d03
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2021-09-17 (Fri, 17 Sep 2021)

  Changed paths:
    M ebpf/meson.build

  Log Message:
  -----------
  ebpf: only include in system emulators

eBPF files are being included in user emulators, which is useless and
also breaks compilation because ebpf/trace-events is only processed
if a system emulator is included in the build.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/566
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>


  Commit: bedd7e93d01961fcb16a97ae45d93acf357e11f6
      
https://github.com/qemu/qemu/commit/bedd7e93d01961fcb16a97ae45d93acf357e11f6
  Author: Jason Wang <jasowang@redhat.com>
  Date:   2021-09-17 (Fri, 17 Sep 2021)

  Changed paths:
    M hw/net/virtio-net.c

  Log Message:
  -----------
  virtio-net: fix use after unmap/free for sg

When mergeable buffer is enabled, we try to set the num_buffers after
the virtqueue elem has been unmapped. This will lead to several issues,
e.g. a use after free when the descriptor has an address which belongs
to the non direct access region. In this case we use a bounce buffer
that is allocated during address_space_map() and freed during
address_space_unmap().

Fix this by storing the elems temporarily in an array and delaying the
unmap until after we set the num_buffers.

This addresses CVE-2021-3748.

Reported-by: Alexander Bulekov <alxndr@bu.edu>
Fixes: fbe78f4f55c6 ("virtio-net support")
Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>


  Commit: 326ff8dd09556fc2e257196c49f35009700794ac
      
https://github.com/qemu/qemu/commit/326ff8dd09556fc2e257196c49f35009700794ac
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2021-09-20 (Mon, 20 Sep 2021)

  Changed paths:
    M ebpf/meson.build
    M hw/net/virtio-net.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging

# gpg: Signature made Fri 17 Sep 2021 09:17:32 BST
# gpg:                using RSA key EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* remotes/jasowang/tags/net-pull-request:
  virtio-net: fix use after unmap/free for sg
  ebpf: only include in system emulators

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


Compare: https://github.com/qemu/qemu/compare/c3f76fbca607...326ff8dd0955
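
The ordering problem described in the virtio-net log message above, as an added toy model that is not QEMU code. `toy_map()`/`toy_unmap()` are hypothetical stand-ins for `address_space_map()`/`address_space_unmap()` on a bounce-buffered region, the header layout is simplified, and the stale write is detected and reported instead of being performed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define BUF_LEN 16
#define MAX_ELEMS 4

/* Hypothetical stand-in for a mapped element backed by a bounce buffer. */
struct toy_elem { uint8_t *guest; uint8_t *bounce; };

static void toy_map(struct toy_elem *e, uint8_t *guest) {
    e->guest = guest;
    e->bounce = malloc(BUF_LEN);          /* allocated at map time */
    memcpy(e->bounce, guest, BUF_LEN);
}

static void toy_unmap(struct toy_elem *e) {
    memcpy(e->guest, e->bounce, BUF_LEN); /* write back to guest memory */
    free(e->bounce);                      /* freed at unmap time */
    e->bounce = NULL;                     /* toy only: makes staleness visible */
}

/* Set num_buffers (toy layout: offset 0 of the first element); returns -1
 * instead of writing when the mapping is gone (the use after unmap/free). */
static int set_num_buffers(struct toy_elem *first, uint16_t n) {
    if (first->bounce == NULL) return -1;
    memcpy(first->bounce, &n, sizeof(n));
    return 0;
}

/* delay_unmap=0: unmap each element once filled (old order).
 * delay_unmap=1: keep elements in an array, set num_buffers, then unmap. */
static int toy_receive(uint8_t guest[][BUF_LEN], int n, int delay_unmap) {
    struct toy_elem elems[MAX_ELEMS];
    int i, rc;
    if (n < 1 || n > MAX_ELEMS) return -2;
    for (i = 0; i < n; i++) {
        toy_map(&elems[i], guest[i]);
        memset(elems[i].bounce + 2, 0xAB, BUF_LEN - 2); /* constructed payload */
        if (!delay_unmap) toy_unmap(&elems[i]);
    }
    rc = set_num_buffers(&elems[0], (uint16_t)n);
    for (i = 0; delay_unmap && i < n; i++) toy_unmap(&elems[i]);
    return rc;
}

/* num_buffers as the guest sees it after the receive. */
static uint16_t guest_num_buffers(uint8_t guest[][BUF_LEN]) {
    uint16_t v; memcpy(&v, guest[0], sizeof(v));
    return v;
}
```

With the old order the header update has nowhere valid to land, so the guest never sees `num_buffers`; with the delayed unmap the update is written back along with the payload.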


