diff options
| author | Alexander Kanavin <alex.kanavin@gmail.com> | 2021-09-08 20:01:09 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-10-11 18:41:37 +0100 |
| commit | d87987fc1a4e7f31fb5740568e5edb9a8d123992 (patch) | |
| tree | 0d31c92214a6db2b070e18c4592040a00ce7386d /meta/recipes-devtools/qemu/qemu/CVE-2021-3527-1.patch | |
| parent | 4a4d5f78a6962dda5f63e9891825c80a8a87bf66 (diff) | |
| download | poky-d87987fc1a4e7f31fb5740568e5edb9a8d123992.tar.gz | |
qemu: update 6.0.0 -> 6.1.0
Recipe changes:
qemu-plugin.h is installed by both qemu-native and qemu-system-native
qmp.py module is now provided in a module directory (no other files
from that directory are necessary to use it though)
additional host-specific info is stripeed from ptest tests/tcg/*.mak
Patches:
drop all backports
drop 0001-Add-enable-disable-udev.patch (change added upstream)
drop 0001-linux-user-Tag-vsx-with-ieee128-fpbits.patch
(issue fixed upstream)
drop 0004-qemu-disable-Valgrind.patch (valgrind detection moved
from configure to meson, and should be robust against host contamination)
rebase 0010-configure-Add-pkg-config-handling-for-libgcrypt.patch
(upstream moved libgcrypt handling from configure to meson, and using
pkg-config is now a one-liner adjustment)
rebase cross.patch
(From OE-Core rev: b2710d25e3d8d79a35dbd4332ffc5cc8053d5eb8)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu/CVE-2021-3527-1.patch')
| -rw-r--r-- | meta/recipes-devtools/qemu/qemu/CVE-2021-3527-1.patch | 42 |
1 files changed, 0 insertions, 42 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3527-1.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3527-1.patch deleted file mode 100644 index 77a5385692..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2021-3527-1.patch +++ /dev/null | |||
| @@ -1,42 +0,0 @@ | |||
| 1 | From 05a40b172e4d691371534828078be47e7fff524c Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Gerd Hoffmann <kraxel@redhat.com> | ||
| 3 | Date: Mon, 3 May 2021 15:29:15 +0200 | ||
| 4 | Subject: [PATCH] usb: limit combined packets to 1 MiB (CVE-2021-3527) | ||
| 5 | |||
| 6 | usb-host and usb-redirect try to batch bulk transfers by combining many | ||
| 7 | small usb packets into a single, large transfer request, to reduce the | ||
| 8 | overhead and improve performance. | ||
| 9 | |||
| 10 | This patch adds a size limit of 1 MiB for those combined packets to | ||
| 11 | restrict the host resources the guest can bind that way. | ||
| 12 | |||
| 13 | Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> | ||
| 14 | Message-Id: <20210503132915.2335822-6-kraxel@redhat.com> | ||
| 15 | |||
| 16 | Upstream-Status: Backport | ||
| 17 | https://gitlab.com/qemu-project/qemu/-/commit/05a40b172e4d691371534828078be47e7fff524c | ||
| 18 | CVE: CVE-2021-3527 | ||
| 19 | Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> | ||
| 20 | |||
| 21 | --- | ||
| 22 | hw/usb/combined-packet.c | 4 +++- | ||
| 23 | 1 file changed, 3 insertions(+), 1 deletion(-) | ||
| 24 | |||
| 25 | diff --git a/hw/usb/combined-packet.c b/hw/usb/combined-packet.c | ||
| 26 | index 5d57e883dc..e56802f89a 100644 | ||
| 27 | --- a/hw/usb/combined-packet.c | ||
| 28 | +++ b/hw/usb/combined-packet.c | ||
| 29 | @@ -171,7 +171,9 @@ void usb_ep_combine_input_packets(USBEndpoint *ep) | ||
| 30 | if ((p->iov.size % ep->max_packet_size) != 0 || !p->short_not_ok || | ||
| 31 | next == NULL || | ||
| 32 | /* Work around for Linux usbfs bulk splitting + migration */ | ||
| 33 | - (totalsize == (16 * KiB - 36) && p->int_req)) { | ||
| 34 | + (totalsize == (16 * KiB - 36) && p->int_req) || | ||
| 35 | + /* Next package may grow combined package over 1MiB */ | ||
| 36 | + totalsize > 1 * MiB - ep->max_packet_size) { | ||
| 37 | usb_device_handle_data(ep->dev, first); | ||
| 38 | assert(first->status == USB_RET_ASYNC); | ||
| 39 | if (first->combined) { | ||
| 40 | -- | ||
| 41 | GitLab | ||
| 42 | |||