1 files changed, 40 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_6.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_6.patch
new file mode 100644
index 0000000000..40b4bd96e7
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_6.patch
@@ -0,0 +1,40 @@
+From c0010f9b2bafe866fe32e3c2688454bc24147136 Mon Sep 17 00:00:00 2001
+From: Jason Wang <jasowang@redhat.com>
+Date: Wed, 24 Feb 2021 13:27:52 +0800
+Subject: [PATCH 06/10] tx_pkt: switch to use qemu_receive_packet_iov() for
+ loopback
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+This patch switches to use qemu_receive_receive_iov() which can detect
+reentrancy and return early.
+This is intended to address CVE-2021-3416.
+Cc: Prasad J Pandit <ppandit@redhat.com>
+Cc: qemu-stable@nongnu.org
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+Upstream-Status: Backport [8c552542b81e56ff532dd27ec6e5328954bdda73]
+CVE: CVE-2021-3416
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ hw/net/net_tx_pkt.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+Index: qemu-4.2.0/hw/net/net_tx_pkt.c
+===================================================================
+--- qemu-4.2.0.orig/hw/net/net_tx_pkt.c
+++ qemu-4.2.0/hw/net/net_tx_pkt.c
+@@ -544,7 +544,7 @@ static inline void net_tx_pkt_sendv(stru
+     NetClientState *nc, const struct iovec *iov, int iov_cnt)
+ {
+     if (pkt->is_loopback) {
+-        nc->info->receive_iov(nc, iov, iov_cnt);
+        qemu_receive_packet_iov(nc, iov, iov_cnt);
+     } else {
+         qemu_sendv_packet(nc, iov, iov_cnt);
+     }

diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_6.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_6.patch new file mode 100644 index 0000000000..40b4bd96e7 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_6.patch
@@ -0,0 +1,40 @@
	1	From c0010f9b2bafe866fe32e3c2688454bc24147136 Mon Sep 17 00:00:00 2001
	2	From: Jason Wang <jasowang@redhat.com>
	3	Date: Wed, 24 Feb 2021 13:27:52 +0800
	4	Subject: [PATCH 06/10] tx_pkt: switch to use qemu_receive_packet_iov() for
	5	loopback
	6	MIME-Version: 1.0
	7	Content-Type: text/plain; charset=UTF-8
	8	Content-Transfer-Encoding: 8bit
	9
	10	This patch switches to use qemu_receive_receive_iov() which can detect
	11	reentrancy and return early.
	12
	13	This is intended to address CVE-2021-3416.
	14
	15	Cc: Prasad J Pandit <ppandit@redhat.com>
	16	Cc: qemu-stable@nongnu.org
	17	Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
	18	Signed-off-by: Jason Wang <jasowang@redhat.com>
	19
	20	Upstream-Status: Backport [8c552542b81e56ff532dd27ec6e5328954bdda73]
	21	CVE: CVE-2021-3416
	22
	23	Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
	24	---
	25	hw/net/net_tx_pkt.c \| 2 +-
	26	1 file changed, 1 insertion(+), 1 deletion(-)
	27
	28	Index: qemu-4.2.0/hw/net/net_tx_pkt.c
	29	===================================================================
	30	--- qemu-4.2.0.orig/hw/net/net_tx_pkt.c
	31	+++ qemu-4.2.0/hw/net/net_tx_pkt.c
	32	@@ -544,7 +544,7 @@ static inline void net_tx_pkt_sendv(stru
	33	NetClientState nc, const struct iovec iov, int iov_cnt)
	34	{
	35	if (pkt->is_loopback) {
	36	- nc->info->receive_iov(nc, iov, iov_cnt);
	37	+ qemu_receive_packet_iov(nc, iov, iov_cnt);
	38	} else {
	39	qemu_sendv_packet(nc, iov, iov_cnt);
	40	}