]> git.ipfire.org Git - thirdparty/qemu.git/commitdiff
projects / thirdparty / qemu.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e7c2df3)
hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs
authorPhilippe Mathieu-Daudé <philmd@linaro.org>
Thu, 4 Apr 2024 18:56:41 +0000 (20:56 +0200)
committerMichael Tokarev <mjt@tls.msk.ru>
Wed, 10 Apr 2024 16:27:04 +0000 (19:27 +0300)
Replace qemu_bh_new_guarded() by virtio_bh_new_guarded()
so the bus and device use the same guard. Otherwise the
DMA-reentrancy protection can be bypassed.

Fixes: CVE-2024-3446
Cc: qemu-stable@nongnu.org
Suggested-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20240409105537.18308-5-philmd@linaro.org>
(cherry picked from commit f4729ec39ad97a42ceaa7b5697f84f440ea6e5dc)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
hw/virtio/virtio-crypto.c patch | blob | blame | history

diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
index b2e0646d9a3f9d5376e1eaf50af5934dd53647f4..ce995c66d86e5ac686407ff219117c46be5b39eb 100644 (file)
--- a/hw/virtio/virtio-crypto.c
+++ b/hw/virtio/virtio-crypto.c
@@ -1057,8 +1057,8 @@ static void virtio_crypto_device_realize(DeviceState *dev, Error **errp)
         vcrypto->vqs[i].dataq =
                  virtio_add_queue(vdev, 1024, virtio_crypto_handle_dataq_bh);
         vcrypto->vqs[i].dataq_bh =
-                 qemu_bh_new_guarded(virtio_crypto_dataq_bh, &vcrypto->vqs[i],
-                                     &dev->mem_reentrancy_guard);
+                 virtio_bh_new_guarded(dev, virtio_crypto_dataq_bh,
+                                       &vcrypto->vqs[i]);
         vcrypto->vqs[i].vcrypto = vcrypto;
     }
 
Mirror of https://git.qemu.org/git/qemu.git