Google Git
Sign in
qemu / qemu / 31c4b6fb0293e359f9ef8a61892667e76eea4c99
commit31c4b6fb0293e359f9ef8a61892667e76eea4c99[log] [tgz]
authorYuval Shaia <yuval.shaia.ml@gmail.com>Sun Apr 03 12:52:34 2022 +0300
committerLaurent Vivier <laurent@vivier.eu>Mon Jan 16 18:49:38 2023 +0100
tree166238b28d80f3fd481719f84364710830f766f3
parentdaa500cab6a4f8fdaa1a0689a5d39a6b67213801 [diff]
hw/pvrdma: Protect against buggy or malicious guest driver

Guest driver might execute HW commands when shared buffers are not yet
allocated.
This could happen on purpose (malicious guest) or because of some other
guest/host address mapping error.
We need to protect againts such case.

Fixes: CVE-2022-1050

Reported-by: Raven <wxhusst@gmail.com>
Signed-off-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Message-Id: <20220403095234.2210-1-yuval.shaia.ml@gmail.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
1 file changed
tree: 166238b28d80f3fd481719f84364710830f766f3
  1. .github/
  2. .gitlab/
  3. .gitlab-ci.d/
  4. accel/
  5. audio/
  6. authz/
  7. backends/
  8. block/
  9. bsd-user/
  10. chardev/
  11. common-user/
  12. configs/
  13. contrib/
  14. crypto/
  15. disas/
  16. docs/
  17. dump/
  18. ebpf/
  19. fpu/
  20. fsdev/
  21. gdb-xml/
  22. gdbstub/
  23. hw/
  24. include/
  25. io/
  26. libdecnumber/
  27. linux-headers/
  28. linux-user/
  29. migration/
  30. monitor/
  31. nbd/
  32. net/
  33. pc-bios/
  34. plugins/
  35. po/
  36. python/
  37. qapi/
  38. qga/
  39. qobject/
  40. qom/
  41. replay/
  42. roms/
  43. scripts/
  44. scsi/
  45. semihosting/
  46. softmmu/
  47. storage-daemon/
  48. stubs/
  49. subprojects/
  50. target/
  51. tcg/
  52. tests/
  53. tools/
  54. trace/
  55. ui/
  56. util/
  57. dtc
  58. meson
  59. .cirrus.yml
  60. .dir-locals.el
  61. .editorconfig
  62. .exrc
  63. .gdbinit
  64. .gitattributes
  65. .gitignore
  66. .gitlab-ci.yml
  67. .gitmodules
  68. .gitpublish
  69. .mailmap
  70. .patchew.yml
  71. .readthedocs.yml
  72. .travis.yml
  73. block.c
  74. blockdev-nbd.c
  75. blockdev.c
  76. blockjob.c
  77. configure
  78. COPYING
  79. COPYING.LIB
  80. cpu.c
  81. cpus-common.c
  82. disas.c
  83. event-loop-base.c
  84. gitdm.config
  85. hmp-commands-info.hx
  86. hmp-commands.hx
  87. iothread.c
  88. job-qmp.c
  89. job.c
  90. Kconfig
  91. Kconfig.host
  92. LICENSE
  93. MAINTAINERS
  94. Makefile
  95. memory_ldst.c.inc
  96. meson.build
  97. meson_options.txt
  98. module-common.c
  99. os-posix.c
  100. os-win32.c
  101. page-vary-common.c
  102. page-vary.c
  103. qemu-bridge-helper.c
  104. qemu-edid.c
  105. qemu-img-cmds.hx
  106. qemu-img.c
  107. qemu-io-cmds.c
  108. qemu-io.c
  109. qemu-keymap.c
  110. qemu-nbd.c
  111. qemu-options.hx
  112. qemu.nsi
  113. qemu.sasl
  114. README.rst
  115. replication.c
  116. trace-events
  117. VERSION
  118. version.rc