qemu/hw
Yuval Shaia a2efa1fac4 hw/pvrdma: Protect against buggy or malicious guest driver
Guest driver might execute HW commands when shared buffers are not yet
allocated.
This could happen on purpose (malicious guest) or because of some other
guest/host address mapping error.
We need to protect against such a case.

Fixes: CVE-2022-1050

Reported-by: Raven <wxhusst@gmail.com>
Signed-off-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Message-Id: <20220403095234.2210-1-yuval.shaia.ml@gmail.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
(cherry picked from commit 31c4b6fb02)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2023-03-30 12:19:04 +03:00
..
9pfs
acpi acpi: cpuhp: fix guest-visible maximum access size to the legacy reg block 2023-03-29 10:20:04 +03:00
adc
alpha
arm pci,pc,virtio: features, tests, fixes, cleanups 2022-11-07 18:43:56 -05:00
audio hw/audio/intel-hda: Drop unnecessary prototype 2022-11-23 12:30:45 +01:00
avr
block hw/virtio: generalise CHR_EVENT_CLOSED handling 2022-12-01 02:30:13 -05:00
char
core virtio-rng-pci: fix transitional migration compat for vectors 2023-03-29 10:20:04 +03:00
cpu
cris
cxl hw/cxl/cdat: CXL CDAT Data Object Exchange implementation 2022-11-07 13:12:19 -05:00
display hw/display/next-fb: Fix comment typo 2022-12-03 22:07:07 +01:00
dma
gpio
hppa
hyperv
i2c
i386 intel-iommu: fail DEVIOTLB_UNMAP without dt mode 2023-03-29 10:20:04 +03:00
ide hw/ppc/mac.h: Rename to include/hw/nvram/mac_nvram.h 2022-10-31 18:48:23 +00:00
input
intc hw/intc: add implementation of GICD_IIDR to Arm GIC 2022-11-21 11:45:13 +00:00
ipack
ipmi
isa acpi: x86: move RPQx field back to _SB scope 2022-11-22 05:19:00 -05:00
loongarch Revert "hw/loongarch/virt: Add cfi01 pflash device" 2022-12-05 11:24:35 -05:00
m68k
mem hw/mem/cxl-type3: Add CXL CDAT Data Object Exchange 2022-11-07 13:12:19 -05:00
microblaze
mips hw/mips/malta: Use bootloader helper to set BAR registers 2022-10-31 11:32:56 +01:00
misc mac_nvram: Use NVRAM_SIZE constant 2022-10-31 18:48:23 +00:00
net hw/net/vmxnet3: allow VMXNET3_MAX_MTU itself as a value 2023-03-30 12:19:04 +03:00
nios2
nubus
nvme hw/nvme: fix missing cq eventidx update 2023-03-29 10:20:04 +03:00
nvram Revert "x86: return modified setup_data only if read as memory, not as file" 2023-03-29 10:20:04 +03:00
openrisc
pci msix: Assert that specified vector is in range 2022-11-07 14:08:17 -05:00
pci-bridge hw/pci-bridge/cxl-upstream: Add a CDAT table access DOE 2022-11-07 13:12:19 -05:00
pci-host hw/pci-host/pnv_phb: Avoid quitting QEMU if hotplug of pnv-phb-root-port fails 2022-11-10 18:22:10 -03:00
pcmcia
ppc mac_newworld: Turn CORE99_VIA_CONFIG defines into an enum 2022-10-31 18:48:23 +00:00
rdma hw/pvrdma: Protect against buggy or malicious guest driver 2023-03-30 12:19:04 +03:00
remote msix: Assert that specified vector is in range 2022-11-07 14:08:17 -05:00
riscv
rtc
rx
s390x s390x: Fix spelling errors 2022-11-16 10:15:26 +01:00
scsi vhost: enable vrings in vhost_dev_start() for vhost-user devices 2022-12-01 02:30:04 -05:00
sd hw/sd: Fix sun4i allwinner-sdhost for U-Boot 2022-11-21 11:45:12 +00:00
sensor
sh4
smbios hw/smbios: fix field corruption in type 4 table 2023-03-29 10:20:04 +03:00
sparc
sparc64
ssi
timer hw/timer/hpet: Fix expiration time overflow 2023-03-29 10:20:04 +03:00
tpm
tricore
usb hw/usb/hcd-xhci: Reset the XHCIState with device_cold_reset() 2022-11-23 12:28:51 +01:00
vfio pci,pc,virtio: features, tests, fixes, cleanups 2022-11-07 18:43:56 -05:00
virtio vhost: avoid a potential use of an uninitialized variable in vhost_svq_poll() 2023-03-29 10:20:04 +03:00
watchdog
xen xen/pt: fix syntax error that causes FTBFS in some configurations 2022-11-05 20:35:45 +01:00
xenpv
xtensa
Kconfig
meson.build