diff options
| author | Sakib Sajal <sakib.sajal@windriver.com> | 2021-08-20 16:55:19 -0700 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-09-01 16:27:09 +0100 |
| commit | 4bd52d64c9581cc9a87a0b6b113575881566e5fc (patch) | |
| tree | 84815aa7498a42d6df70817d6b270d0c03b72e89 /meta/recipes-devtools/qemu/qemu/CVE-2021-3416_6.patch | |
| parent | 474c37c17ee8c8938de58d03e71e9f6a67ed4471 (diff) | |
| download | poky-4bd52d64c9581cc9a87a0b6b113575881566e5fc.tar.gz | |
qemu: fix CVE-2021-3416
Source: poky.org
MR: 109686
Type: Security Fix
Disposition: Backport from http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/meta/recipes-devtools/qemu?h=hardknott&id=381aebe82f1f6fcc26b47966bc8520dbb1476961
ChangeID: 50b1589249cc3c595d224e3a8347da2b54339ef8
Description:
Drop CVE-2021-3416_4.patch as hw/net/msf2-emac.c does not exist in 4.2.0
(From OE-Core rev: 7a3ce8a79a6c682e1b38f757eb68534e0ce5589d)
(From OE-Core rev: 44bb99fdd1a7eee78078f7d48b9b8aad729f84ec)
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e2b5bc11d1b26b73b62e1a63cb75572793282dcb)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 381aebe82f1f6fcc26b47966bc8520dbb1476961)
[Drop CVE-2021-3416_4.patch, affected file does not exist in 4.2.0]
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu/CVE-2021-3416_6.patch')
| -rw-r--r-- | meta/recipes-devtools/qemu/qemu/CVE-2021-3416_6.patch | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_6.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_6.patch new file mode 100644 index 0000000000..40b4bd96e7 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_6.patch | |||
| @@ -0,0 +1,40 @@ | |||
| 1 | From c0010f9b2bafe866fe32e3c2688454bc24147136 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Jason Wang <jasowang@redhat.com> | ||
| 3 | Date: Wed, 24 Feb 2021 13:27:52 +0800 | ||
| 4 | Subject: [PATCH 06/10] tx_pkt: switch to use qemu_receive_packet_iov() for | ||
| 5 | loopback | ||
| 6 | MIME-Version: 1.0 | ||
| 7 | Content-Type: text/plain; charset=UTF-8 | ||
| 8 | Content-Transfer-Encoding: 8bit | ||
| 9 | |||
| 10 | This patch switches to use qemu_receive_receive_iov() which can detect | ||
| 11 | reentrancy and return early. | ||
| 12 | |||
| 13 | This is intended to address CVE-2021-3416. | ||
| 14 | |||
| 15 | Cc: Prasad J Pandit <ppandit@redhat.com> | ||
| 16 | Cc: qemu-stable@nongnu.org | ||
| 17 | Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> | ||
| 18 | Signed-off-by: Jason Wang <jasowang@redhat.com> | ||
| 19 | |||
| 20 | Upstream-Status: Backport [8c552542b81e56ff532dd27ec6e5328954bdda73] | ||
| 21 | CVE: CVE-2021-3416 | ||
| 22 | |||
| 23 | Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> | ||
| 24 | --- | ||
| 25 | hw/net/net_tx_pkt.c | 2 +- | ||
| 26 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 27 | |||
| 28 | Index: qemu-4.2.0/hw/net/net_tx_pkt.c | ||
| 29 | =================================================================== | ||
| 30 | --- qemu-4.2.0.orig/hw/net/net_tx_pkt.c | ||
| 31 | +++ qemu-4.2.0/hw/net/net_tx_pkt.c | ||
| 32 | @@ -544,7 +544,7 @@ static inline void net_tx_pkt_sendv(stru | ||
| 33 | NetClientState *nc, const struct iovec *iov, int iov_cnt) | ||
| 34 | { | ||
| 35 | if (pkt->is_loopback) { | ||
| 36 | - nc->info->receive_iov(nc, iov, iov_cnt); | ||
| 37 | + qemu_receive_packet_iov(nc, iov, iov_cnt); | ||
| 38 | } else { | ||
| 39 | qemu_sendv_packet(nc, iov, iov_cnt); | ||
| 40 | } | ||