[PATCH] pvrdma: Ensure correct input on ring init (CVE-2021-3607)

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH] pvrdma: Ensure correct input on ring init (CVE-2021-3607)

From:	Marcel Apfelbaum
Subject:	[PATCH] pvrdma: Ensure correct input on ring init (CVE-2021-3607)
Date:	Wed, 30 Jun 2021 14:46:34 +0300

Check the guest passed a non zero page count
for pvrdma device ring buffers.

Fixes: CVE-2021-3607
Reported-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Reviewed-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
---
 hw/rdma/vmw/pvrdma_main.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/hw/rdma/vmw/pvrdma_main.c b/hw/rdma/vmw/pvrdma_main.c
index 84ae8024fc..7c0c3551a8 100644
--- a/hw/rdma/vmw/pvrdma_main.c
+++ b/hw/rdma/vmw/pvrdma_main.c
@@ -92,6 +92,11 @@ static int init_dev_ring(PvrdmaRing *ring, PvrdmaRingState 
**ring_state,
     uint64_t *dir, *tbl;
     int rc = 0;
 
+    if (!num_pages) {
+        rdma_error_report("Ring pages count must be strictly positive");
+        return -EINVAL;
+    }
+
     dir = rdma_pci_dma_map(pci_dev, dir_addr, TARGET_PAGE_SIZE);
     if (!dir) {
         rdma_error_report("Failed to map to page directory (ring %s)", name);
-- 
2.31.1

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] pvrdma: Ensure correct input on ring init (CVE-2021-3607), Marcel Apfelbaum <=
- Re: [PATCH] pvrdma: Ensure correct input on ring init (CVE-2021-3607), Yuval Shaia, 2021/06/30

Prev by Date: Re: [PATCH v7 2/4] Jobs based on custom runners: build environment docs and playbook
Next by Date: [PATCH] pvrdma: Fix the ring init error flow (CVE-2021-3608)
Previous by thread: [PATCH v3] target/s390x: Fix CC set by CONVERT TO FIXED/LOGICAL
Next by thread: Re: [PATCH] pvrdma: Ensure correct input on ring init (CVE-2021-3607)
Index(es):
- Date
- Thread