[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] 736b01: hw/nvme: fix CVE-2021-3929
From: |
Peter Maydell |
Subject: |
[Qemu-commits] [qemu/qemu] 736b01: hw/nvme: fix CVE-2021-3929 |
Date: |
Tue, 15 Feb 2022 11:30:39 -0800 |
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: 736b01642d85be832385063f278fe7cd4ffb5221
https://github.com/qemu/qemu/commit/736b01642d85be832385063f278fe7cd4ffb5221
Author: Klaus Jensen <k.jensen@samsung.com>
Date: 2022-02-14 (Mon, 14 Feb 2022)
Changed paths:
M hw/nvme/ctrl.c
Log Message:
-----------
hw/nvme: fix CVE-2021-3929
This fixes CVE-2021-3929 "locally" by denying DMA to the iomem of the
device itself. This still allows DMA to MMIO regions of other devices
(e.g. doing P2P DMA to the controller memory buffer of another NVMe
device).
Fixes: CVE-2021-3929
Reported-by: Qiuhao Li <Qiuhao.Li@outlook.com>
Reviewed-by: Keith Busch <kbusch@kernel.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Commit: e080ce8676e9097184304a2ed11bf95443c0e547
https://github.com/qemu/qemu/commit/e080ce8676e9097184304a2ed11bf95443c0e547
Author: Philippe Mathieu-Daudé <philmd@redhat.com>
Date: 2022-02-14 (Mon, 14 Feb 2022)
Changed paths:
M hw/nvme/ctrl.c
Log Message:
-----------
hw/nvme/ctrl: Have nvme_addr_write() take const buffer
The 'buf' argument is not modified, so better pass it as const type.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Klaus Jensen <k.jensen@samsung.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Commit: 8d3a17be6f556a996ab9404bead7fc58758c21eb
https://github.com/qemu/qemu/commit/8d3a17be6f556a996ab9404bead7fc58758c21eb
Author: Philippe Mathieu-Daudé <philmd@redhat.com>
Date: 2022-02-14 (Mon, 14 Feb 2022)
Changed paths:
M hw/nvme/ctrl.c
M hw/nvme/nvme.h
Log Message:
-----------
hw/nvme/ctrl: Pass buffers as 'void *' types
These buffers can be anything, not an array of chars,
so use the 'void *' type for them.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Klaus Jensen <k.jensen@samsung.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Commit: 6190d92ff70c177e901a85fe0c2da44e34c606f9
https://github.com/qemu/qemu/commit/6190d92ff70c177e901a85fe0c2da44e34c606f9
Author: Klaus Jensen <k.jensen@samsung.com>
Date: 2022-02-14 (Mon, 14 Feb 2022)
Changed paths:
M hw/nvme/ctrl.c
M include/block/nvme.h
Log Message:
-----------
hw/nvme: add struct for zone management send
Add struct for Zone Management Send in preparation for more zone send
flags.
Reviewed-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Commit: 25872031e14edf6a47bff1c015a026afe5c1c967
https://github.com/qemu/qemu/commit/25872031e14edf6a47bff1c015a026afe5c1c967
Author: Klaus Jensen <k.jensen@samsung.com>
Date: 2022-02-14 (Mon, 14 Feb 2022)
Changed paths:
M hw/nvme/ns.c
M include/block/nvme.h
Log Message:
-----------
hw/nvme: add ozcs enum
Add enumeration for OZCS values.
Reviewed-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Commit: e321b4cdc2dd0b5e806ecf759138be7f83774142
https://github.com/qemu/qemu/commit/e321b4cdc2dd0b5e806ecf759138be7f83774142
Author: Klaus Jensen <k.jensen@samsung.com>
Date: 2022-02-14 (Mon, 14 Feb 2022)
Changed paths:
M hw/nvme/ctrl.c
M hw/nvme/ns.c
M hw/nvme/nvme.h
M hw/nvme/trace-events
M include/block/nvme.h
Log Message:
-----------
hw/nvme: add support for zoned random write area
Add support for TP 4076 ("Zoned Random Write Area"), v2021.08.23
("Ratified").
This adds three new namespace parameters: "zoned.numzrwa" (number of
zrwa resources, i.e. number of zones that can have a zrwa),
"zoned.zrwas" (zrwa size in LBAs), "zoned.zrwafg" (granularity in LBAs
for flushes).
Reviewed-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Commit: cc6721e449c4c5a9a5007ad8a810f7f54143eadc
https://github.com/qemu/qemu/commit/cc6721e449c4c5a9a5007ad8a810f7f54143eadc
Author: Peter Maydell <peter.maydell@linaro.org>
Date: 2022-02-15 (Tue, 15 Feb 2022)
Changed paths:
M hw/nvme/ctrl.c
M hw/nvme/ns.c
M hw/nvme/nvme.h
M hw/nvme/trace-events
M include/block/nvme.h
Log Message:
-----------
Merge remote-tracking branch 'remotes/nvme/tags/nvme-next-pull-request' into
staging
hw/nvme updates
- fix CVE-2021-3929
- add zone random write area support
- misc cleanups from Philippe
# gpg: Signature made Mon 14 Feb 2022 08:01:34 GMT
# gpg: using RSA key 522833AA75E2DCE6A24766C04DE1AF316D4F0DE9
# gpg: Good signature from "Klaus Jensen <its@irrelevant.dk>" [unknown]
# gpg: aka "Klaus Jensen <k.jensen@samsung.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DDCA 4D9C 9EF9 31CC 3468 4272 63D5 6FC5 E55D A838
# Subkey fingerprint: 5228 33AA 75E2 DCE6 A247 66C0 4DE1 AF31 6D4F 0DE9
* remotes/nvme/tags/nvme-next-pull-request:
hw/nvme: add support for zoned random write area
hw/nvme: add ozcs enum
hw/nvme: add struct for zone management send
hw/nvme/ctrl: Pass buffers as 'void *' types
hw/nvme/ctrl: Have nvme_addr_write() take const buffer
hw/nvme: fix CVE-2021-3929
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Compare: https://github.com/qemu/qemu/compare/e56d873f0ed9...cc6721e449c4