diff options
Diffstat (limited to 'poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3750-1.patch')
-rw-r--r-- | poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3750-1.patch | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3750-1.patch b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3750-1.patch new file mode 100644 index 0000000000..e898c20767 --- /dev/null +++ b/poky/meta/recipes-devtools/qemu/qemu/CVE-2021-3750-1.patch @@ -0,0 +1,59 @@ +From b9d383ab797f54ae5fa8746117770709921dc529 Mon Sep 17 00:00:00 2001 +From: =?utf8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com> +Date: Wed, 15 Dec 2021 19:24:19 +0100 +Subject: [PATCH] hw/intc/arm_gicv3: Check for !MEMTX_OK instead of MEMTX_ERROR +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +Quoting Peter Maydell: + + "These MEMTX_* aren't from the memory transaction + API functions; they're just being used by gicd_readl() and + friends as a way to indicate a success/failure so that the + actual MemoryRegionOps read/write fns like gicv3_dist_read() + can log a guest error." + +We are going to introduce more MemTxResult bits, so it is +safer to check for !MEMTX_OK rather than MEMTX_ERROR. + +Reviewed-by: Peter Xu <peterx@redhat.com> +Reviewed-by: David Hildenbrand <david@redhat.com> +Reviewed-by: Peter Maydell <peter.maydell@linaro.org> +Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> +Signed-off-by: Philippe Mathieu-DaudÃf© <philmd@redhat.com> +Signed-off-by: Peter Maydell <peter.maydell@linaro.org> +Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> + +CVE: CVE-2021-3750 + +Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=b9d383ab797f54ae5fa8746117770709921dc529] +--- + hw/intc/arm_gicv3_redist.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/hw/intc/arm_gicv3_redist.c b/hw/intc/arm_gicv3_redist.c +index c8ff3ec..99b11ca 100644 +--- a/hw/intc/arm_gicv3_redist.c ++++ b/hw/intc/arm_gicv3_redist.c +@@ -462,7 +462,7 @@ MemTxResult gicv3_redist_read(void *opaque, hwaddr offset, uint64_t *data, + break; + } + +- if (r == MEMTX_ERROR) { ++ if (r != MEMTX_OK) { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: invalid guest read at offset " TARGET_FMT_plx + " size %u\n", __func__, offset, size); +@@ -521,7 +521,7 @@ MemTxResult gicv3_redist_write(void *opaque, hwaddr offset, uint64_t data, + break; + } + +- if (r == MEMTX_ERROR) { ++ if (r != MEMTX_OK) { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: invalid guest write at offset " TARGET_FMT_plx + " size %u\n", __func__, offset, size); +-- +1.8.3.1 + |