[PULL 0/8] Fix CVE-2021-3611 and heap overflow in sdhci code

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PULL 0/8] Fix CVE-2021-3611 and heap overflow in sdhci code

From:	Thomas Huth
Subject:	[PULL 0/8] Fix CVE-2021-3611 and heap overflow in sdhci code
Date:	Mon, 21 Mar 2022 18:03:12 +0100

The following changes since commit 2058fdbe81e2985c226a026851dd26b146d3395c:

  Merge tag 'fixes-20220318-pull-request' of git://git.kraxel.org/qemu into 
staging (2022-03-19 11:28:54 +0000)

are available in the Git repository at:

  https://gitlab.com/thuth/qemu.git tags/pull-request-2022-03-21

for you to fetch changes up to 27801168ecbb34b987d2e92a12369367bf9ac2bf:

  tests/qtest/fuzz-sdcard-test: Add reproducer for OSS-Fuzz (Issue 29225) 
(2022-03-21 14:05:42 +0100)

----------------------------------------------------------------
* Fix stack-overflow due to recursive DMA in intel-hda (CVE-2021-3611)
* Fix heap overflow due to recursive DMA in sdhci code

----------------------------------------------------------------

As far as I can see, these patches were ready to go, just felt
through the cracks so far since Philippe is now doing other stuff...
I think it would be nice to get these fixed for 7.0 (and if there
is ever a thorough global DMA reentrancy fix later in >= 7.1, we
can still revert the device-specific fixes here again later).

Philippe Mathieu-Daudé (8):
    softmmu/physmem: Simplify flatview_write and address_space_access_valid
    softmmu/physmem: Introduce MemTxAttrs::memory field and MEMTX_ACCESS_ERROR
    hw/audio/intel-hda: Do not ignore DMA overrun errors
    hw/audio/intel-hda: Restrict DMA engine to memories (not MMIO devices)
    tests/qtest/intel-hda-test: Add reproducer for issue #542
    hw/sd/sdhci: Honor failed DMA transactions
    hw/sd/sdhci: Prohibit DMA accesses to devices
    tests/qtest/fuzz-sdcard-test: Add reproducer for OSS-Fuzz (Issue 29225)

 include/exec/memattrs.h        |  9 +++++
 hw/audio/intel-hda.c           | 11 ++++--
 hw/sd/sdhci.c                  | 35 ++++++++++++++-----
 softmmu/physmem.c              | 55 ++++++++++++++++++++++++------
 tests/qtest/fuzz-sdcard-test.c | 76 ++++++++++++++++++++++++++++++++++++++++++
 tests/qtest/intel-hda-test.c   | 34 +++++++++++++++++++
 6 files changed, 198 insertions(+), 22 deletions(-)

[Prev in Thread]

Current Thread

[Next in Thread]

[PULL 0/8] Fix CVE-2021-3611 and heap overflow in sdhci code, Thomas Huth <=
- [PULL 2/8] softmmu/physmem: Introduce MemTxAttrs::memory field and MEMTX_ACCESS_ERROR, Thomas Huth, 2022/03/21
- [PULL 3/8] hw/audio/intel-hda: Do not ignore DMA overrun errors, Thomas Huth, 2022/03/21
- [PULL 1/8] softmmu/physmem: Simplify flatview_write and address_space_access_valid, Thomas Huth, 2022/03/21
- [PULL 4/8] hw/audio/intel-hda: Restrict DMA engine to memories (not MMIO devices), Thomas Huth, 2022/03/21
- [PULL 5/8] tests/qtest/intel-hda-test: Add reproducer for issue #542, Thomas Huth, 2022/03/21
- [PULL 6/8] hw/sd/sdhci: Honor failed DMA transactions, Thomas Huth, 2022/03/21
- [PULL 8/8] tests/qtest/fuzz-sdcard-test: Add reproducer for OSS-Fuzz (Issue 29225), Thomas Huth, 2022/03/21
- [PULL 7/8] hw/sd/sdhci: Prohibit DMA accesses to devices, Thomas Huth, 2022/03/21
- Re: [PULL 0/8] Fix CVE-2021-3611 and heap overflow in sdhci code, Peter Maydell, 2022/03/22

Prev by Date: Re: [PATCH 06/15] iotests: rebase qemu_io() on top of qemu_tool()
Next by Date: [PULL 2/8] softmmu/physmem: Introduce MemTxAttrs::memory field and MEMTX_ACCESS_ERROR
Previous by thread: [PULL 0/2] Bugfixes for QEMU 7.0-rc1
Next by thread: [PULL 2/8] softmmu/physmem: Introduce MemTxAttrs::memory field and MEMTX_ACCESS_ERROR
Index(es):
- Date
- Thread