[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 0/8] Fix CVE-2021-3611 and heap overflow in sdhci code
From: |
Thomas Huth |
Subject: |
[PULL 0/8] Fix CVE-2021-3611 and heap overflow in sdhci code |
Date: |
Mon, 21 Mar 2022 18:03:12 +0100 |
The following changes since commit 2058fdbe81e2985c226a026851dd26b146d3395c:
Merge tag 'fixes-20220318-pull-request' of git://git.kraxel.org/qemu into
staging (2022-03-19 11:28:54 +0000)
are available in the Git repository at:
https://gitlab.com/thuth/qemu.git tags/pull-request-2022-03-21
for you to fetch changes up to 27801168ecbb34b987d2e92a12369367bf9ac2bf:
tests/qtest/fuzz-sdcard-test: Add reproducer for OSS-Fuzz (Issue 29225)
(2022-03-21 14:05:42 +0100)
----------------------------------------------------------------
* Fix stack-overflow due to recursive DMA in intel-hda (CVE-2021-3611)
* Fix heap overflow due to recursive DMA in sdhci code
----------------------------------------------------------------
As far as I can see, these patches were ready to go, just felt
through the cracks so far since Philippe is now doing other stuff...
I think it would be nice to get these fixed for 7.0 (and if there
is ever a thorough global DMA reentrancy fix later in >= 7.1, we
can still revert the device-specific fixes here again later).
Philippe Mathieu-Daudé (8):
softmmu/physmem: Simplify flatview_write and address_space_access_valid
softmmu/physmem: Introduce MemTxAttrs::memory field and MEMTX_ACCESS_ERROR
hw/audio/intel-hda: Do not ignore DMA overrun errors
hw/audio/intel-hda: Restrict DMA engine to memories (not MMIO devices)
tests/qtest/intel-hda-test: Add reproducer for issue #542
hw/sd/sdhci: Honor failed DMA transactions
hw/sd/sdhci: Prohibit DMA accesses to devices
tests/qtest/fuzz-sdcard-test: Add reproducer for OSS-Fuzz (Issue 29225)
include/exec/memattrs.h | 9 +++++
hw/audio/intel-hda.c | 11 ++++--
hw/sd/sdhci.c | 35 ++++++++++++++-----
softmmu/physmem.c | 55 ++++++++++++++++++++++++------
tests/qtest/fuzz-sdcard-test.c | 76 ++++++++++++++++++++++++++++++++++++++++++
tests/qtest/intel-hda-test.c | 34 +++++++++++++++++++
6 files changed, 198 insertions(+), 22 deletions(-)
- [PULL 0/8] Fix CVE-2021-3611 and heap overflow in sdhci code,
Thomas Huth <=
- [PULL 2/8] softmmu/physmem: Introduce MemTxAttrs::memory field and MEMTX_ACCESS_ERROR, Thomas Huth, 2022/03/21
- [PULL 3/8] hw/audio/intel-hda: Do not ignore DMA overrun errors, Thomas Huth, 2022/03/21
- [PULL 1/8] softmmu/physmem: Simplify flatview_write and address_space_access_valid, Thomas Huth, 2022/03/21
- [PULL 4/8] hw/audio/intel-hda: Restrict DMA engine to memories (not MMIO devices), Thomas Huth, 2022/03/21
- [PULL 5/8] tests/qtest/intel-hda-test: Add reproducer for issue #542, Thomas Huth, 2022/03/21
- [PULL 6/8] hw/sd/sdhci: Honor failed DMA transactions, Thomas Huth, 2022/03/21
- [PULL 8/8] tests/qtest/fuzz-sdcard-test: Add reproducer for OSS-Fuzz (Issue 29225), Thomas Huth, 2022/03/21
- [PULL 7/8] hw/sd/sdhci: Prohibit DMA accesses to devices, Thomas Huth, 2022/03/21
- Re: [PULL 0/8] Fix CVE-2021-3611 and heap overflow in sdhci code, Peter Maydell, 2022/03/22