diff options
| author |   Armin Kuster <akuster@mvista.com> | 2016-01-29 12:35:21 -0800 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-01-30 12:08:37 +0000 |
| commit | 74771f8c41aaede0ddfb86983c6841bd1f1c1f0f (patch) | |
| tree | 5f7b9852fa0d582de0406c3491645f446e301a59 /meta/recipes-devtools/qemu/qemu/CVE-2015-7295_2.patch | |
| parent | 166c19df8be28da255cc68032e2d11afc59d4197 (diff) | |
| download | openembedded-core-contrib-74771f8c41aaede0ddfb86983c6841bd1f1c1f0f.tar.gz | |
qemu: Security fix CVE-2015-7295
CVE-2015-7295 Qemu: net: virtio-net possible remote DoS
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu/CVE-2015-7295_2.patch')
| -rw-r--r-- | meta/recipes-devtools/qemu/qemu/CVE-2015-7295_2.patch | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2015-7295_2.patch b/meta/recipes-devtools/qemu/qemu/CVE-2015-7295_2.patch new file mode 100644 index 0000000000..45dfab36ef --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2015-7295_2.patch @@ -0,0 +1,58 @@ +From 29b9f5efd78ae0f9cc02dd169b6e80d2c404bade Mon Sep 17 00:00:00 2001 +From: Jason Wang <jasowang@redhat.com> +Date: Fri, 25 Sep 2015 13:21:29 +0800 +Subject: [PATCH] virtio: introduce virtqueue_discard() + +This patch introduces virtqueue_discard() to discard a descriptor and +unmap the sgs. This will be used by the patch that will discard +descriptor when packet is truncated. + +Cc: Michael S. Tsirkin <mst@redhat.com> +Signed-off-by: Jason Wang <jasowang@redhat.com> +Reviewed-by: Michael S. Tsirkin <mst@redhat.com> +Signed-off-by: Michael S. Tsirkin <mst@redhat.com> +Upstream-Status: Backport + +git.qemu.org/?p=qemu.git;a=commit;h=29b9f5efd78ae0f9cc02dd169b6e80d2c404bade + +CVE: CVE-2015-7295 patch #2 +[Yocto # 9013] + +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + hw/virtio/virtio.c | 7 +++++++ + include/hw/virtio/virtio.h | 2 ++ + 2 files changed, 9 insertions(+) + +Index: qemu-2.4.0/hw/virtio/virtio.c +=================================================================== +--- qemu-2.4.0.orig/hw/virtio/virtio.c ++++ qemu-2.4.0/hw/virtio/virtio.c +@@ -266,6 +266,13 @@ static void virtqueue_unmap_sg(VirtQueue + 0, elem->out_sg[i].iov_len); + } + ++void virtqueue_discard(VirtQueue *vq, const VirtQueueElement *elem, ++ unsigned int len) ++{ ++ vq->last_avail_idx--; ++ virtqueue_unmap_sg(vq, elem, len); ++} ++ + void virtqueue_fill(VirtQueue *vq, const VirtQueueElement *elem, + unsigned int len, unsigned int idx) + { +Index: qemu-2.4.0/include/hw/virtio/virtio.h +=================================================================== +--- qemu-2.4.0.orig/include/hw/virtio/virtio.h ++++ qemu-2.4.0/include/hw/virtio/virtio.h +@@ -146,6 +146,8 @@ void virtio_del_queue(VirtIODevice *vdev + void virtqueue_push(VirtQueue *vq, const VirtQueueElement *elem, + unsigned int len); + void virtqueue_flush(VirtQueue *vq, unsigned int count); ++void virtqueue_discard(VirtQueue *vq, const VirtQueueElement *elem, ++ unsigned int len); + void virtqueue_fill(VirtQueue *vq, const VirtQueueElement *elem, + unsigned int len, unsigned int idx); + |