[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 00/16] Misc HW patches for 2024-04-10
|
From: |
Philippe Mathieu-Daudé |
|
Subject: |
[PULL 00/16] Misc HW patches for 2024-04-10 |
|
Date: |
Wed, 10 Apr 2024 11:12:59 +0200 |
The following changes since commit 927284d65bce63ab1495d3febe7c7b5b6d563874:
Merge tag 'edk2-20240409-pull-request' of https://gitlab.com/kraxel/qemu into
staging (2024-04-09 17:36:40 +0100)
are available in the Git repository at:
https://github.com/philmd/qemu.git tags/hw-misc-20240410
for you to fetch changes up to dcb0a1ac03d6b5ba6c7fcbe467f0215738006113:
hw/audio/virtio-snd: Remove unused assignment (2024-04-10 11:07:37 +0200)
----------------------------------------------------------------
Misc HW patch queue
- Fix CXL Fixed Memory Window interleave-granularity typo
- Fix for DMA re-entrancy abuse with VirtIO devices (CVE-2024-3446)
- Fix out-of-bound access in NAND block buffer
- Fix memory leak in AppleSMC reset() handler
- Avoid VirtIO crypto backends abort o invalid session ID
- Fix overflow in LAN9118 MIL TX FIFO
- Fix overflow when abusing SDHCI TRNMOD register (CVE-2024-3447)
- Fix overrun in short fragmented packet SCTP checksum (CVE-2024-3567)
- Remove unused assignment in virtio-snd model (Coverity 1542933 & 1542934)
----------------------------------------------------------------
Philippe Mathieu-Daudé (15):
hw/virtio: Introduce virtio_bh_new_guarded() helper
hw/display/virtio-gpu: Protect from DMA re-entrancy bugs
hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs
hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs
hw/block/nand: Factor nand_load_iolen() method out
hw/block/nand: Have blk_load() take unsigned offset and return boolean
hw/block/nand: Fix out-of-bound access in NAND block buffer
hw/misc/applesmc: Do not call DeviceReset from DeviceRealize
hw/misc/applesmc: Fix memory leak in reset() handler
backends/cryptodev: Do not abort for invalid session ID
hw/net/lan9118: Replace magic '2048' value by MIL_TXFIFO_SIZE
definition
hw/net/lan9118: Fix overflow in MIL TX FIFO
hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set
hw/net/net_tx_pkt: Fix overrun in update_sctp_checksum()
hw/audio/virtio-snd: Remove unused assignment
Yuquan Wang (1):
qemu-options: Fix CXL Fixed Memory Window interleave-granularity typo
include/hw/virtio/virtio.h | 7 +++++
backends/cryptodev-builtin.c | 4 ++-
hw/audio/virtio-snd.c | 8 ++++--
hw/block/nand.c | 55 +++++++++++++++++++++++++-----------
hw/char/virtio-serial-bus.c | 3 +-
hw/display/virtio-gpu.c | 6 ++--
hw/misc/applesmc.c | 2 +-
hw/net/lan9118.c | 28 +++++++++++++++---
hw/net/net_tx_pkt.c | 4 +++
hw/sd/sdhci.c | 8 ++++++
hw/virtio/virtio-crypto.c | 4 +--
hw/virtio/virtio.c | 10 +++++++
qemu-options.hx | 6 ++--
13 files changed, 109 insertions(+), 36 deletions(-)
--
2.41.0
- [PULL 00/16] Misc HW patches for 2024-04-10,
Philippe Mathieu-Daudé <=
- [PULL 01/16] hw/virtio: Introduce virtio_bh_new_guarded() helper, Philippe Mathieu-Daudé, 2024/04/10
- [PULL 02/16] hw/display/virtio-gpu: Protect from DMA re-entrancy bugs, Philippe Mathieu-Daudé, 2024/04/10
- [PULL 04/16] hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs, Philippe Mathieu-Daudé, 2024/04/10
- [PULL 03/16] hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs, Philippe Mathieu-Daudé, 2024/04/10
- [PULL 05/16] qemu-options: Fix CXL Fixed Memory Window interleave-granularity typo, Philippe Mathieu-Daudé, 2024/04/10
- [PULL 06/16] hw/block/nand: Factor nand_load_iolen() method out, Philippe Mathieu-Daudé, 2024/04/10
- [PULL 07/16] hw/block/nand: Have blk_load() take unsigned offset and return boolean, Philippe Mathieu-Daudé, 2024/04/10
- [PULL 08/16] hw/block/nand: Fix out-of-bound access in NAND block buffer, Philippe Mathieu-Daudé, 2024/04/10
- [PULL 09/16] hw/misc/applesmc: Do not call DeviceReset from DeviceRealize, Philippe Mathieu-Daudé, 2024/04/10
- [PULL 10/16] hw/misc/applesmc: Fix memory leak in reset() handler, Philippe Mathieu-Daudé, 2024/04/10