Revision - fbeb0a1 - hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs

Revision fbeb0a160cbcc067c0e1f0d380cea4a31de213e3 authored by Philippe Mathieu-Daudé on 04 April 2024, 18:56:35 UTC, committed by Michael Tokarev on 10 April 2024, 17:32:12 UTC

hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs

Replace qemu_bh_new_guarded() by virtio_bh_new_guarded()
so the bus and device use the same guard. Otherwise the
DMA-reentrancy protection can be bypassed.

Fixes: CVE-2024-3446
Cc: qemu-stable@nongnu.org
Suggested-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20240409105537.18308-4-philmd@linaro.org>
(cherry picked from commit b4295bff25f7b50de1d9cc94a9c6effd40056bca)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

1 parent 1b2a527

Files
Changes

Permalinks

File	Mode	Size
ebpf
meson.build	-rw-r--r--	0 bytes

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...