bc7b2dfda0
hw/rdma: Fix possible mremap overflow in the pvrdma device (CVE-2021-3582) pvrdma: Ensure correct input on ring init (CVE-2021-3607) pvrdma: Fix the ring init error flow (CVE-2021-3608) Signed-off-by: yezengruan <yezengruan@huawei.com>
42 lines
1.5 KiB
Diff
42 lines
1.5 KiB
Diff
From ad63c75ceea0b9d6fe1dbb008cad41527a29f923 Mon Sep 17 00:00:00 2001
|
|
From: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
|
|
Date: Wed, 30 Jun 2021 14:52:46 +0300
|
|
Subject: [PATCH 3/3] pvrdma: Fix the ring init error flow (CVE-2021-3608)
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
Do not unmap uninitialized dma addresses.
|
|
|
|
Fixes: CVE-2021-3608
|
|
Reviewed-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
|
|
Tested-by: VictorV (Kunlun Lab) <vv474172261@gmail.com>
|
|
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
|
|
Message-Id: <20210630115246.2178219-1-marcel@redhat.com>
|
|
Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
|
|
Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
|
|
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
|
Signed-off-by: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
|
|
cherry-pick from: 66ae37d8cc313f89272e711174a846a229bcdbd3
|
|
Signed-off-by: yezengruan <yezengruan@huawei.com>
|
|
---
|
|
hw/rdma/vmw/pvrdma_dev_ring.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/hw/rdma/vmw/pvrdma_dev_ring.c b/hw/rdma/vmw/pvrdma_dev_ring.c
|
|
index d7bc7f5ccc..2a620ad5bc 100644
|
|
--- a/hw/rdma/vmw/pvrdma_dev_ring.c
|
|
+++ b/hw/rdma/vmw/pvrdma_dev_ring.c
|
|
@@ -41,7 +41,7 @@ int pvrdma_ring_init(PvrdmaRing *ring, const char *name, PCIDevice *dev,
|
|
atomic_set(&ring->ring_state->cons_head, 0);
|
|
*/
|
|
ring->npages = npages;
|
|
- ring->pages = g_malloc(npages * sizeof(void *));
|
|
+ ring->pages = g_malloc0(npages * sizeof(void *));
|
|
|
|
for (i = 0; i < npages; i++) {
|
|
if (!tbl[i]) {
|
|
--
|
|
2.27.0
|
|
|