From d5a0396f7b836603a409ab265798de010694815b Mon Sep 17 00:00:00 2001 From: Jon Maloy Date: Mon, 5 Dec 2022 15:32:55 -0500 Subject: [PATCH 2/6] hw/display/qxl: Have qxl_log_command Return early if no log_cmd handler MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit RH-Author: Jon Maloy RH-MergeRequest: 242: hw/display/qxl: Have qxl_log_command Return early if no log_cmd handler RH-Bugzilla: 2152085 RH-Acked-by: Gerd Hoffmann RH-Acked-by: Marc-André Lureau RH-Acked-by: Stefan Hajnoczi RH-Commit: [1/5] 1016976223d919605be9b0ae8a5a71613d9fc19b (jmaloy/jons-qemu-kvm) BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2152085 CVE: CVE-2022-4144 Upstream: Merged commit 61c34fc194b776ecadc39fb26b061331107e5599 Author: Philippe Mathieu-Daudé Date: Mon Nov 28 21:27:37 2022 +0100 hw/display/qxl: Have qxl_log_command Return early if no log_cmd handler Only 3 command types are logged: no need to call qxl_phys2virt() for the other types. Using different cases will help to pass different structure sizes to qxl_phys2virt() in a pair of commits. Reviewed-by: Marc-André Lureau Signed-off-by: Philippe Mathieu-Daudé Signed-off-by: Stefan Hajnoczi Message-Id: <20221128202741.4945-2-philmd@linaro.org> (cherry picked from commit 61c34fc194b776ecadc39fb26b061331107e5599) Signed-off-by: Jon Maloy --- hw/display/qxl-logger.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/hw/display/qxl-logger.c b/hw/display/qxl-logger.c index 68bfa47568..1bcf803db6 100644 --- a/hw/display/qxl-logger.c +++ b/hw/display/qxl-logger.c @@ -247,6 +247,16 @@ int qxl_log_command(PCIQXLDevice *qxl, const char *ring, QXLCommandExt *ext) qxl_name(qxl_type, ext->cmd.type), compat ? "(compat)" : ""); + switch (ext->cmd.type) { + case QXL_CMD_DRAW: + break; + case QXL_CMD_SURFACE: + break; + case QXL_CMD_CURSOR: + break; + default: + goto out; + } data = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id); if (!data) { return 1; @@ -269,6 +279,7 @@ int qxl_log_command(PCIQXLDevice *qxl, const char *ring, QXLCommandExt *ext) qxl_log_cmd_cursor(qxl, data, ext->group_id); break; } +out: fprintf(stderr, "\n"); return 0; } -- 2.37.3