1 files changed, 41 insertions, 0 deletions

diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_9.patch b/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_9.patch
new file mode 100644
index 0000000000..f4a985604e
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2021-3416_9.patch
@@ -0,0 +1,41 @@
+From ecf7e62bb2cb02c9bd40082504ae376f3e19ffd2 Mon Sep 17 00:00:00 2001
+From: Alexander Bulekov <alxndr@bu.edu>
+Date: Mon, 1 Mar 2021 14:33:43 -0500
+Subject: [PATCH 09/10] cadence_gem: switch to use qemu_receive_packet() for
+ loopback
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This patch switches to use qemu_receive_packet() which can detect
+reentrancy and return early.
+
+This is intended to address CVE-2021-3416.
+
+Cc: Prasad J Pandit <ppandit@redhat.com>
+Cc: qemu-stable@nongnu.org
+Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
+Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+
+Upstream-Status: Backport [e73adfbeec9d4e008630c814759052ed945c3fed]
+CVE: CVE-2021-3416
+
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ hw/net/cadence_gem.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+Index: qemu-4.2.0/hw/net/cadence_gem.c
+===================================================================
+--- qemu-4.2.0.orig/hw/net/cadence_gem.c
++++ qemu-4.2.0/hw/net/cadence_gem.c
+@@ -1225,7 +1225,7 @@ static void gem_transmit(CadenceGEMState
+                 /* Send the packet somewhere */
+                 if (s->phy_loop || (s->regs[GEM_NWCTRL] &
+                                     GEM_NWCTRL_LOCALLOOP)) {
+-                    gem_receive(qemu_get_queue(s->nic), tx_packet,
++                    qemu_receive_packet(qemu_get_queue(s->nic), tx_packet,
+                                 total_bytes);
+                 } else {
+                     qemu_send_packet(qemu_get_queue(s->nic), tx_packet,