openkylin
/
qemu
mirror of https://gitee.com/openkylin/qemu.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

[PATCH v3] hw/pvrdma: Protect against buggy or malicious guest driver 

Message-Id: <20220403095234.2210-1-yuval.shaia.ml@gmail.com>
Bug-Debian: https://bugs.debian.org/1014589

Guest driver might execute HW commands when shared buffers are not yet
allocated.
This could happen on purpose (malicious guest) or because of some other
guest/host address mapping error.
We need to protect againts such case.

Fixes: CVE-2022-1050

Reported-by: Raven <wxhusst@gmail.com>
Signed-off-by: Yuval Shaia <yuval.shaia.ml@gmail.com>

Gbp-Pq: Name hw-pvrdma-protect-against-guest-driver-CVE-2022-1050.patch
Signed-off-by: Cong Liu <liucong2@kylinos.cn>
This commit is contained in:
Yuval Shaia 2022-04-03 12:52:34 +03:00 committed by Cong Liu
parent f1df0e425a
commit 7ba83d0ae4
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
hw/rdma/vmw/pvrdma_cmd.c
View File

@ -796,6 +796,12 @@ int pvrdma_exec_cmd(PVRDMADev *dev)
dsr_info = &dev->dsr_info;
if (!dsr_info->dsr) {
/* Buggy or malicious guest driver */
rdma_error_report("Exec command without dsr, req or rsp buffers");
goto out;
}
if (dsr_info->req->hdr.cmd >= sizeof(cmd_handlers) /
sizeof(struct cmd_handler)) {
rdma_error_report("Unsupported command");