author | Armin Kuster <akuster@mvista.com> | 2016-09-19 19:52:57 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-09-23 23:22:04 +0100 |
commit | 48048dcaa26b7ad97c4b2e10c06b86bd5cba761f (patch) | |
tree | e34deeddebea527b18cb2a764b2df9b3919ba961 /meta/recipes-devtools/qemu/qemu/CVE-2016-6351_p2.patch | |
parent | 931a6e6d5e3081c7b45d2591d8bf545ca0df375d (diff) | |
qemu: Security fix CVE-2016-6351
affects qemu < 2.6.0
(From OE-Core rev: 5729eb105ff69cae0eac7a596cb0e938f6159526)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu/CVE-2016-6351_p2.patch')
-rw-r--r-- | meta/recipes-devtools/qemu/qemu/CVE-2016-6351_p2.patch | 60 |
1 files changed, 60 insertions, 0 deletions
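--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2016-6351_p2.patch
@@ -0,0 +1,60 @@
+From cc96677469388bad3d66479379735cf75db069e3 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Mon, 20 Jun 2016 16:32:39 +0200
+Subject: [PATCH] scsi: esp: fix migration
+
+Commit 926cde5 ("scsi: esp: make cmdbuf big enough for maximum CDB size",
+2016-06-16) changed the size of a migrated field. Split it in two
+parts, and only migrate the second part in a new vmstate version.
+
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+
+Upstream-Status: Backport
+CVE: CVE-2016-6351 patch1
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+hw/scsi/esp.c | 5 +++--
+include/migration/vmstate.h | 5 ++++-
+2 files changed, 7 insertions(+), 3 deletions(-)
+
+Index: qemu-2.4.0/hw/scsi/esp.c
+===================================================================
+--- qemu-2.4.0.orig/hw/scsi/esp.c
++++ qemu-2.4.0/hw/scsi/esp.c
+@@ -571,7 +571,7 @@ static bool esp_mem_accepts(void *opaque
+
+const VMStateDescription vmstate_esp = {
+.name ="esp",
+- .version_id = 3,
++ .version_id = 4,
+.minimum_version_id = 3,
+.fields = (VMStateField[]) {
+VMSTATE_BUFFER(rregs, ESPState),
+@@ -582,7 +582,8 @@ const VMStateDescription vmstate_esp = {
+VMSTATE_BUFFER(ti_buf, ESPState),
+VMSTATE_UINT32(status, ESPState),
+VMSTATE_UINT32(dma, ESPState),
+- VMSTATE_BUFFER(cmdbuf, ESPState),
++ VMSTATE_PARTIAL_BUFFER(cmdbuf, ESPState, 16),
++ VMSTATE_BUFFER_START_MIDDLE_V(cmdbuf, ESPState, 16, 4),
+VMSTATE_UINT32(cmdlen, ESPState),
+VMSTATE_UINT32(do_cmd, ESPState),
+VMSTATE_UINT32(dma_left, ESPState),
+Index: qemu-2.4.0/include/migration/vmstate.h
+===================================================================
+--- qemu-2.4.0.orig/include/migration/vmstate.h
++++ qemu-2.4.0/include/migration/vmstate.h
+@@ -778,8 +778,11 @@ extern const VMStateInfo vmstate_info_bi
+#define VMSTATE_PARTIAL_BUFFER(_f, _s, _size) \
+VMSTATE_STATIC_BUFFER(_f, _s, 0, NULL, 0, _size)
+
++#define VMSTATE_BUFFER_START_MIDDLE_V(_f, _s, _start, _v) \
++ VMSTATE_STATIC_BUFFER(_f, _s, _v, NULL, _start, sizeof(typeof_field(_s, _f)))
++
+#define VMSTATE_BUFFER_START_MIDDLE(_f, _s, _start) \
+- VMSTATE_STATIC_BUFFER(_f, _s, 0, NULL, _start, sizeof(typeof_field(_s, _f)))
++ VMSTATE_BUFFER_START_MIDDLE_V(_f, _s, _start, 0)
+
+#define VMSTATE_PARTIAL_VBUFFER(_f, _s, _size) \
+VMSTATE_VBUFFER(_f, _s, 0, NULL, 0, _size)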