diff options
| author |   Armin Kuster <akuster@mvista.com> | 2016-02-06 15:14:55 -0800 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-02-07 17:20:58 +0000 |
| commit | 3a7c84952d40f95b0f34bc35eef4490ecc8da07e (patch) | |
| tree | e108d59d054049e71047ffc2a0b6cfecff9b7f76 /meta/recipes-devtools/qemu/qemu/CVE-2015-7295_1.patch | |
| parent | c2361dd9bb663b00dd194cb7fdb0e07d7e1ab5e1 (diff) | |
| download | openembedded-core-3a7c84952d40f95b0f34bc35eef4490ecc8da07e.tar.gz | |
qemu: Security fix CVE-2015-7295
CVE-2015-7295 Qemu: net: virtio-net possible remote DoS
(From OE-Core rev: 74771f8c41aaede0ddfb86983c6841bd1f1c1f0f)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu/CVE-2015-7295_1.patch')
| -rw-r--r-- | meta/recipes-devtools/qemu/qemu/CVE-2015-7295_1.patch | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2015-7295_1.patch b/meta/recipes-devtools/qemu/qemu/CVE-2015-7295_1.patch new file mode 100644 index 0000000000..bc41c458c4 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2015-7295_1.patch @@ -0,0 +1,63 @@ +From ce317461573bac12b10d67699b4ddf1f97cf066c Mon Sep 17 00:00:00 2001 +From: Jason Wang <jasowang@redhat.com> +Date: Fri, 25 Sep 2015 13:21:28 +0800 +Subject: [PATCH] virtio: introduce virtqueue_unmap_sg() + +Factor out sg unmapping logic. This will be reused by the patch that +can discard descriptor. + +Cc: Michael S. Tsirkin <mst@redhat.com> +Cc: Andrew James <andrew.james@hpe.com> +Signed-off-by: Jason Wang <jasowang@redhat.com> +Reviewed-by: Michael S. Tsirkin <mst@redhat.com> +Signed-off-by: Michael S. Tsirkin <mst@redhat.com> + +Upstream-Status: Backport + +git.qemu.org/?p=qemu.git;a=commit;h=ce317461573bac12b10d67699b4ddf1f97cf066c + +CVE: CVE-2015-7295 patch #1 +[Yocto # 9013] + +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + hw/virtio/virtio.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +Index: qemu-2.2.0/hw/virtio/virtio.c +=================================================================== +--- qemu-2.2.0.orig/hw/virtio/virtio.c ++++ qemu-2.2.0/hw/virtio/virtio.c +@@ -240,14 +240,12 @@ int virtio_queue_empty(VirtQueue *vq) + return vring_avail_idx(vq) == vq->last_avail_idx; + } + +-void virtqueue_fill(VirtQueue *vq, const VirtQueueElement *elem, +- unsigned int len, unsigned int idx) ++static void virtqueue_unmap_sg(VirtQueue *vq, const VirtQueueElement *elem, ++ unsigned int len) + { + unsigned int offset; + int i; + +- trace_virtqueue_fill(vq, elem, len, idx); +- + offset = 0; + for (i = 0; i < elem->in_num; i++) { + size_t size = MIN(len - offset, elem->in_sg[i].iov_len); +@@ -263,6 +261,14 @@ void virtqueue_fill(VirtQueue *vq, const + cpu_physical_memory_unmap(elem->out_sg[i].iov_base, + elem->out_sg[i].iov_len, + 0, elem->out_sg[i].iov_len); ++} ++ ++void virtqueue_fill(VirtQueue *vq, const VirtQueueElement *elem, ++ unsigned int len, unsigned int idx) ++{ ++ trace_virtqueue_fill(vq, elem, len, idx); ++ ++ virtqueue_unmap_sg(vq, elem, len); + + idx = (idx + vring_used_idx(vq)) % vq->vring.num; + |