diff options
author | Alexander Kanavin <alex.kanavin@gmail.com> | 2021-09-08 20:01:09 +0200 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-10-11 18:41:37 +0100 |
commit | d87987fc1a4e7f31fb5740568e5edb9a8d123992 (patch) | |
tree | 0d31c92214a6db2b070e18c4592040a00ce7386d /meta/recipes-devtools/qemu/qemu/CVE-2021-3527-1.patch | |
parent | 4a4d5f78a6962dda5f63e9891825c80a8a87bf66 (diff) | |
download | poky-d87987fc1a4e7f31fb5740568e5edb9a8d123992.tar.gz |
qemu: update 6.0.0 -> 6.1.0
Recipe changes:
qemu-plugin.h is installed by both qemu-native and qemu-system-native
qmp.py module is now provided in a module directory (no other files
from that directory are necessary to use it though)
additional host-specific info is stripeed from ptest tests/tcg/*.mak
Patches:
drop all backports
drop 0001-Add-enable-disable-udev.patch (change added upstream)
drop 0001-linux-user-Tag-vsx-with-ieee128-fpbits.patch
(issue fixed upstream)
drop 0004-qemu-disable-Valgrind.patch (valgrind detection moved
from configure to meson, and should be robust against host contamination)
rebase 0010-configure-Add-pkg-config-handling-for-libgcrypt.patch
(upstream moved libgcrypt handling from configure to meson, and using
pkg-config is now a one-liner adjustment)
rebase cross.patch
(From OE-Core rev: b2710d25e3d8d79a35dbd4332ffc5cc8053d5eb8)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu/CVE-2021-3527-1.patch')
-rw-r--r-- | meta/recipes-devtools/qemu/qemu/CVE-2021-3527-1.patch | 42 |
1 files changed, 0 insertions, 42 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3527-1.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3527-1.patch deleted file mode 100644 index 77a5385692..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2021-3527-1.patch +++ /dev/null | |||
@@ -1,42 +0,0 @@ | |||
1 | From 05a40b172e4d691371534828078be47e7fff524c Mon Sep 17 00:00:00 2001 | ||
2 | From: Gerd Hoffmann <kraxel@redhat.com> | ||
3 | Date: Mon, 3 May 2021 15:29:15 +0200 | ||
4 | Subject: [PATCH] usb: limit combined packets to 1 MiB (CVE-2021-3527) | ||
5 | |||
6 | usb-host and usb-redirect try to batch bulk transfers by combining many | ||
7 | small usb packets into a single, large transfer request, to reduce the | ||
8 | overhead and improve performance. | ||
9 | |||
10 | This patch adds a size limit of 1 MiB for those combined packets to | ||
11 | restrict the host resources the guest can bind that way. | ||
12 | |||
13 | Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> | ||
14 | Message-Id: <20210503132915.2335822-6-kraxel@redhat.com> | ||
15 | |||
16 | Upstream-Status: Backport | ||
17 | https://gitlab.com/qemu-project/qemu/-/commit/05a40b172e4d691371534828078be47e7fff524c | ||
18 | CVE: CVE-2021-3527 | ||
19 | Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> | ||
20 | |||
21 | --- | ||
22 | hw/usb/combined-packet.c | 4 +++- | ||
23 | 1 file changed, 3 insertions(+), 1 deletion(-) | ||
24 | |||
25 | diff --git a/hw/usb/combined-packet.c b/hw/usb/combined-packet.c | ||
26 | index 5d57e883dc..e56802f89a 100644 | ||
27 | --- a/hw/usb/combined-packet.c | ||
28 | +++ b/hw/usb/combined-packet.c | ||
29 | @@ -171,7 +171,9 @@ void usb_ep_combine_input_packets(USBEndpoint *ep) | ||
30 | if ((p->iov.size % ep->max_packet_size) != 0 || !p->short_not_ok || | ||
31 | next == NULL || | ||
32 | /* Work around for Linux usbfs bulk splitting + migration */ | ||
33 | - (totalsize == (16 * KiB - 36) && p->int_req)) { | ||
34 | + (totalsize == (16 * KiB - 36) && p->int_req) || | ||
35 | + /* Next package may grow combined package over 1MiB */ | ||
36 | + totalsize > 1 * MiB - ep->max_packet_size) { | ||
37 | usb_device_handle_data(ep->dev, first); | ||
38 | assert(first->status == USB_RET_ASYNC); | ||
39 | if (first->combined) { | ||
40 | -- | ||
41 | GitLab | ||
42 | |||