diff options
Diffstat (limited to 'meta/recipes-devtools')
-rw-r--r-- | meta/recipes-devtools/qemu/qemu.inc | 1 | ||||
-rw-r--r-- | meta/recipes-devtools/qemu/qemu/CVE-2024-6505.patch | 40 |
2 files changed, 41 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 2786eedd42..73e1861b00 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc | |||
@@ -35,6 +35,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ | |||
35 | file://0011-qemu-Ensure-pip-and-the-python-venv-aren-t-used-for-.patch \ | 35 | file://0011-qemu-Ensure-pip-and-the-python-venv-aren-t-used-for-.patch \ |
36 | file://qemu-guest-agent.init \ | 36 | file://qemu-guest-agent.init \ |
37 | file://qemu-guest-agent.udev \ | 37 | file://qemu-guest-agent.udev \ |
38 | file://CVE-2024-6505.patch \ | ||
38 | " | 39 | " |
39 | UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" | 40 | UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" |
40 | 41 | ||
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2024-6505.patch b/meta/recipes-devtools/qemu/qemu/CVE-2024-6505.patch new file mode 100644 index 0000000000..67382a2a8e --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2024-6505.patch | |||
@@ -0,0 +1,40 @@ | |||
1 | From f1595ceb9aad36a6c1da95bcb77ab9509b38822d Mon Sep 17 00:00:00 2001 | ||
2 | From: Akihiko Odaki <akihiko.odaki@daynix.com> | ||
3 | Date: Mon, 1 Jul 2024 20:58:04 +0900 | ||
4 | Subject: [PATCH] virtio-net: Ensure queue index fits with RSS | ||
5 | |||
6 | Ensure the queue index points to a valid queue when software RSS | ||
7 | enabled. The new calculation matches with the behavior of Linux's TAP | ||
8 | device with the RSS eBPF program. | ||
9 | |||
10 | Fixes: 4474e37a5b3a ("virtio-net: implement RX RSS processing") | ||
11 | Reported-by: Zhibin Hu <huzhibin5@huawei.com> | ||
12 | Cc: qemu-stable@nongnu.org | ||
13 | Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> | ||
14 | Reviewed-by: Michael S. Tsirkin <mst@redhat.com> | ||
15 | Signed-off-by: Jason Wang <jasowang@redhat.com> | ||
16 | |||
17 | CVE: CVE-2024-6505 | ||
18 | Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/f1595ceb9aad36a6c1da95bcb77ab9509b38822d] | ||
19 | Signed-off-by: Peter Marko <peter.marko@siemens.com> | ||
20 | --- | ||
21 | hw/net/virtio-net.c | 3 ++- | ||
22 | 1 file changed, 2 insertions(+), 1 deletion(-) | ||
23 | |||
24 | diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c | ||
25 | index 8f30972708..5635620a31 100644 | ||
26 | --- a/hw/net/virtio-net.c | ||
27 | +++ b/hw/net/virtio-net.c | ||
28 | @@ -1949,7 +1949,8 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf, | ||
29 | if (!no_rss && n->rss_data.enabled && n->rss_data.enabled_software_rss) { | ||
30 | int index = virtio_net_process_rss(nc, buf, size); | ||
31 | if (index >= 0) { | ||
32 | - NetClientState *nc2 = qemu_get_subqueue(n->nic, index); | ||
33 | + NetClientState *nc2 = | ||
34 | + qemu_get_subqueue(n->nic, index % n->curr_queue_pairs); | ||
35 | return virtio_net_receive_rcu(nc2, buf, size, true); | ||
36 | } | ||
37 | } | ||
38 | -- | ||
39 | 2.30.2 | ||
40 | |||