diff options
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu/CVE-2020-15469-6.patch')
-rw-r--r-- | meta/recipes-devtools/qemu/qemu/CVE-2020-15469-6.patch | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-15469-6.patch b/meta/recipes-devtools/qemu/qemu/CVE-2020-15469-6.patch new file mode 100644 index 0000000000..115be68295 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-15469-6.patch | |||
@@ -0,0 +1,61 @@ | |||
1 | Backport of: | ||
2 | |||
3 | From 921604e175b8ec06c39503310e7b3ec1e3eafe9e Mon Sep 17 00:00:00 2001 | ||
4 | From: Prasad J Pandit <pjp@fedoraproject.org> | ||
5 | Date: Tue, 11 Aug 2020 17:11:30 +0530 | ||
6 | Subject: [PATCH] spapr_pci: add spapr msi read method | ||
7 | |||
8 | Add spapr msi mmio read method to avoid NULL pointer dereference | ||
9 | issue. | ||
10 | |||
11 | Reported-by: Lei Sun <slei.casper@gmail.com> | ||
12 | Acked-by: David Gibson <david@gibson.dropbear.id.au> | ||
13 | Reviewed-by: Li Qiang <liq3ea@gmail.com> | ||
14 | Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> | ||
15 | Message-Id: <20200811114133.672647-7-ppandit@redhat.com> | ||
16 | Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> | ||
17 | |||
18 | CVE: CVE-2020-15469 | ||
19 | Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/qemu/tree/debian/patches/CVE-2020-15469-6.patch?h=ubuntu/focal-security Upstream commit https://github.com/qemu/qemu/commit/921604e175b8ec06c39503310e7b3ec1e3eafe9e] | ||
20 | Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> | ||
21 | --- | ||
22 | hw/ppc/spapr_pci.c | 14 ++++++++++++-- | ||
23 | 1 file changed, 12 insertions(+), 2 deletions(-) | ||
24 | |||
25 | --- a/hw/ppc/spapr_pci.c | ||
26 | +++ b/hw/ppc/spapr_pci.c | ||
27 | @@ -52,6 +52,7 @@ | ||
28 | #include "sysemu/kvm.h" | ||
29 | #include "sysemu/hostmem.h" | ||
30 | #include "sysemu/numa.h" | ||
31 | +#include "qemu/log.h" | ||
32 | |||
33 | /* Copied from the kernel arch/powerpc/platforms/pseries/msi.c */ | ||
34 | #define RTAS_QUERY_FN 0 | ||
35 | @@ -738,6 +739,12 @@ static PCIINTxRoute spapr_route_intx_pin | ||
36 | return route; | ||
37 | } | ||
38 | |||
39 | +static uint64_t spapr_msi_read(void *opaque, hwaddr addr, unsigned size) | ||
40 | +{ | ||
41 | + qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid access\n", __func__); | ||
42 | + return 0; | ||
43 | +} | ||
44 | + | ||
45 | /* | ||
46 | * MSI/MSIX memory region implementation. | ||
47 | * The handler handles both MSI and MSIX. | ||
48 | @@ -755,8 +762,11 @@ static void spapr_msi_write(void *opaque | ||
49 | } | ||
50 | |||
51 | static const MemoryRegionOps spapr_msi_ops = { | ||
52 | - /* There is no .read as the read result is undefined by PCI spec */ | ||
53 | - .read = NULL, | ||
54 | + /* | ||
55 | + * .read result is undefined by PCI spec. | ||
56 | + * define .read method to avoid assert failure in memory_region_init_io | ||
57 | + */ | ||
58 | + .read = spapr_msi_read, | ||
59 | .write = spapr_msi_write, | ||
60 | .endianness = DEVICE_LITTLE_ENDIAN | ||
61 | }; | ||