qemu/net at 52200a311a5e09da5349127d88c5db2eef81be13 - qemu

History

Zheyu Ma f1df0e425a net: tulip: Restrict DMA engine to memories Commit-Id: `36a894aeb6` Bug-Debian: https://bugs.debian.org/1018055 The DMA engine is started by I/O access and then itself accesses the I/O registers, triggering a reentrancy bug. The following log can reveal it: ==5637==ERROR: AddressSanitizer: stack-overflow #0 0x5595435f6078 in tulip_xmit_list_update qemu/hw/net/tulip.c:673 #1 0x5595435f204a in tulip_write qemu/hw/net/tulip.c:805:13 #2 0x559544637f86 in memory_region_write_accessor qemu/softmmu/memory.c:492:5 #3 0x5595446379fa in access_with_adjusted_size qemu/softmmu/memory.c:554:18 #4 0x5595446372fa in memory_region_dispatch_write qemu/softmmu/memory.c #5 0x55954468b74c in flatview_write_continue qemu/softmmu/physmem.c:2825:23 #6 0x559544683662 in flatview_write qemu/softmmu/physmem.c:2867:12 #7 0x5595446833f3 in address_space_write qemu/softmmu/physmem.c:2963:18 #8 0x5595435fb082 in dma_memory_rw_relaxed qemu/include/sysemu/dma.h:87:12 #9 0x5595435fb082 in dma_memory_rw qemu/include/sysemu/dma.h:130:12 #10 0x5595435fb082 in dma_memory_write qemu/include/sysemu/dma.h:171:12 #11 0x5595435fb082 in stl_le_dma qemu/include/sysemu/dma.h:272:1 #12 0x5595435fb082 in stl_le_pci_dma qemu/include/hw/pci/pci.h:910:1 #13 0x5595435fb082 in tulip_desc_write qemu/hw/net/tulip.c:101:9 #14 0x5595435f7e3d in tulip_xmit_list_update qemu/hw/net/tulip.c:706:9 #15 0x5595435f204a in tulip_write qemu/hw/net/tulip.c:805:13 Fix this bug by restricting the DMA engine to memories regions. Signed-off-by: Zheyu Ma <zheyuma97@gmail.com> Signed-off-by: Jason Wang <jasowang@redhat.com> Gbp-Pq: Name tulip-restrict-DMA-engine-to-memories-CVE-2022-2962.patch Signed-off-by: Cong Liu <liucong2@kylinos.cn>		2022-11-09 22:24:24 +08:00
..
can	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
fsl_etsec	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
rocker	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
Kconfig	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
allwinner-sun8i-emac.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
allwinner_emac.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
cadence_gem.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
dp8393x.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
e1000.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
e1000_regs.h	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
e1000e.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
e1000e_core.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
e1000e_core.h	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
e1000x_common.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
e1000x_common.h	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
eepro100.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
etraxfs_eth.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
ftgmac100.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
i82596.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
i82596.h	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
imx_fec.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
lan9118.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
lance.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
lasi_i82596.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
mcf_fec.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
meson.build	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
mipsnet.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
msf2-emac.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
mv88w8618_eth.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
ne2000-isa.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
ne2000-pci.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
ne2000.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
ne2000.h	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
net_rx_pkt.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
net_rx_pkt.h	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
net_tx_pkt.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
net_tx_pkt.h	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
npcm7xx_emc.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
opencores_eth.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
pcnet-pci.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
pcnet.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
pcnet.h	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
rtl8139.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
smc91c111.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
spapr_llan.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
stellaris_enet.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
sungem.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
sunhme.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
trace-events	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
trace.h	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
tulip.c	net: tulip: Restrict DMA engine to memories	2022-11-09 22:24:24 +08:00
tulip.h	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
vhost_net-stub.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
vhost_net.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
virtio-net.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
vmware_utils.h	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
vmxnet3.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
vmxnet3.h	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
vmxnet3_defs.h	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
vmxnet_debug.h	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
xen_nic.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
xgmac.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
xilinx_axienet.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00
xilinx_ethlite.c	New upstream version 7.1.0	2022-11-03 14:19:34 +08:00