[Qemu-commits] [qemu/qemu] 931634: hw/rdma: Fix possible mremap overflow
From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] 931634: hw/rdma: Fix possible mremap overflow in the pvrdm...
Date: Sun, 04 Jul 2021 08:08:20 -0700
Branch: refs/heads/staging
Home: https://github.com/qemu/qemu
Commit: 9316342c2753e7772df55bae06b8f83c00572da8
https://github.com/qemu/qemu/commit/9316342c2753e7772df55bae06b8f83c00572da8
Author: Marcel Apfelbaum <marcel@redhat.com>
Date: 2021-07-04 (Sun, 04 Jul 2021)
Changed paths:
M hw/rdma/vmw/pvrdma_cmd.c
Log Message:
-----------
hw/rdma: Fix possible mremap overflow in the pvrdma device (CVE-2021-3582)
Ensure mremap boundaries not trusting the guest kernel to
pass the correct buffer length.
Fixes: CVE-2021-3582
Reported-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Tested-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Message-Id: <20210616110600.20889-1-marcel.apfelbaum@gmail.com>
Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Commit: 9c1240fc33fdfd527e8a71593adc8024085647b2
https://github.com/qemu/qemu/commit/9c1240fc33fdfd527e8a71593adc8024085647b2
Author: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Date: 2021-07-04 (Sun, 04 Jul 2021)
Changed paths:
M hw/rdma/vmw/pvrdma_main.c
Log Message:
-----------
pvrdma: Ensure correct input on ring init (CVE-2021-3607)
Check the guest passed a non zero page count
for pvrdma device ring buffers.
Fixes: CVE-2021-3607
Reported-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Reviewed-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Message-Id: <20210630114634.2168872-1-marcel@redhat.com>
Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Commit: f6287078c2e41cd8de424682cc86c2afccbf3797
https://github.com/qemu/qemu/commit/f6287078c2e41cd8de424682cc86c2afccbf3797
Author: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Date: 2021-07-04 (Sun, 04 Jul 2021)
Changed paths:
M hw/rdma/vmw/pvrdma_dev_ring.c
Log Message:
-----------
pvrdma: Fix the ring init error flow (CVE-2021-3608)
Do not unmap uninitialized dma addresses.
Fixes: CVE-2021-3608
Reviewed-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Tested-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Message-Id: <20210630115246.2178219-1-marcel@redhat.com>
Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Commit: b39b63a3d3664bce2cc8729bb3545c327ce4a947
https://github.com/qemu/qemu/commit/b39b63a3d3664bce2cc8729bb3545c327ce4a947
Author: Peter Maydell <peter.maydell@linaro.org>
Date: 2021-07-04 (Sun, 04 Jul 2021)
Changed paths:
M hw/rdma/vmw/pvrdma_cmd.c
M hw/rdma/vmw/pvrdma_dev_ring.c
M hw/rdma/vmw/pvrdma_main.c
Log Message:
-----------
Merge remote-tracking branch 'remotes/marcel/tags/pvrdma-04-07-2021' into staging
PVRDMA queue
Several CVE fixes for the PVRDMA device.
# gpg: Signature made Sun 04 Jul 2021 09:28:12 BST
# gpg: using RSA key 36D4C0F0CF2FE46D
# gpg: Good signature from "Marcel Apfelbaum <marcel.apfelbaum@zoho.com>" [marginal]
# gpg: aka "Marcel Apfelbaum <marcel@redhat.com>" [marginal]
# gpg: aka "Marcel Apfelbaum <marcel.apfelbaum@gmail.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: B1C6 3A57 F92E 08F2 640F 31F5 36D4 C0F0 CF2F E46D
* remotes/marcel/tags/pvrdma-04-07-2021:
pvrdma: Fix the ring init error flow (CVE-2021-3608)
pvrdma: Ensure correct input on ring init (CVE-2021-3607)
hw/rdma: Fix possible mremap overflow in the pvrdma device (CVE-2021-3582)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Compare: https://github.com/qemu/qemu/compare/711c0418c8c1...b39b63a3d366