Diffstat (limited to 'meta/recipes-devtools/qemu/qemu/CVE-2020-15469-2.patch')
-rw-r--r-- | meta/recipes-devtools/qemu/qemu/CVE-2020-15469-2.patch | 69 |
1 files changed, 69 insertions, 0 deletions
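--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-15469-2.patch
@@ -0,0 +1,69 @@
+From 4f2a5202a05fc1612954804a2482f07bff105ea2 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Tue, 11 Aug 2020 17:11:26 +0530
+Subject: [PATCH] pci-host: designware: add pcie-msi read method
+
+Add pcie-msi mmio read method to avoid NULL pointer dereference
+issue.
+
+Reported-by: Lei Sun <slei.casper@gmail.com>
+Reviewed-by: Li Qiang <liq3ea@gmail.com>
+Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-Id: <20200811114133.672647-3-ppandit@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+
+CVE: CVE-2020-15469
+Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/qemu/tree/debian/patches/CVE-2020-15469-2.patch?h=ubuntu/focal-security Upstream Commit https://github.com/qemu/qemu/commit/4f2a5202a05fc1612954804a2482f07bff105ea2]
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+hw/pci-host/designware.c | 19 +++++++++++++++++++
+1 file changed, 19 insertions(+)
+
+diff --git a/hw/pci-host/designware.c b/hw/pci-host/designware.c
+index f9fb97a..bde3a34 100644
+--- a/hw/pci-host/designware.c
++++ b/hw/pci-host/designware.c
+@@ -21,6 +21,7 @@
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "qemu/module.h"
++#include "qemu/log.h"
+#include "hw/pci/msi.h"
+#include "hw/pci/pci_bridge.h"
+#include "hw/pci/pci_host.h"
+@@ -63,6 +64,23 @@ designware_pcie_root_to_host(DesignwarePCIERoot *root)
+return DESIGNWARE_PCIE_HOST(bus->parent);
+}
+
++static uint64_t designware_pcie_root_msi_read(void *opaque, hwaddr addr,
++ unsigned size)
++{
++ /*
++ * Attempts to read from the MSI address are undefined in
++ * the PCI specifications. For this hardware, the datasheet
++ * specifies that a read from the magic address is simply not
++ * intercepted by the MSI controller, and will go out to the
++ * AHB/AXI bus like any other PCI-device-initiated DMA read.
++ * This is not trivial to implement in QEMU, so since
++ * well-behaved guests won't ever ask a PCI device to DMA from
++ * this address we just log the missing functionality.
++ */
++ qemu_log_mask(LOG_UNIMP, "%s not implemented\n", __func__);
++ return 0;
++}
++
+static void designware_pcie_root_msi_write(void *opaque, hwaddr addr,
+uint64_t val, unsigned len)
+{
+@@ -77,6 +95,7 @@ static void designware_pcie_root_msi_write(void *opaque, hwaddr addr,
+}
+
+static const MemoryRegionOps designware_pci_host_msi_ops = {
++ .read = designware_pcie_root_msi_read,
+.write = designware_pcie_root_msi_write,
+.endianness = DEVICE_LITTLE_ENDIAN,
+.valid = {
+--
+1.8.3.1
+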
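Review bot: The new `designware_pcie_root_msi_read` stub (patch lines 39-54) drops `addr` and `size` from its only diagnostic, so a guest that drives a device to read the MSI address leaves a `LOG_UNIMP` line with no detail, and only when unimp logging is enabled. If diverging from the upstream commit is acceptable, `qemu_log_mask(LOG_UNIMP, "%s: read at 0x%" HWADDR_PRIx " size %u not implemented\n", __func__, addr, size);` would make that line usable for triage; otherwise the patch header could note the limitation. The `designware_pci_host_msi_ops` initializer continues past the last hunk, so the `.valid` constraints that bound which accesses reach the stub are not visible here. This view is also limited to one file and the Message-Id suggests the patch is one part of a larger series, so it is worth confirming that the other CVE-2020-15469 parts and their `SRC_URI` entries land with it, since a partial set would presumably leave other devices' `MemoryRegionOps` without a callback.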