fc2ddd6b1c
- kvm-memory-prevent-dma-reentracy-issues.patch [bz#1999236] - kvm-async-Add-an-optional-reentrancy-guard-to-the-BH-API.patch [bz#1999236] - kvm-checkpatch-add-qemu_bh_new-aio_bh_new-checks.patch [bz#1999236] - kvm-hw-replace-most-qemu_bh_new-calls-with-qemu_bh_new_g.patch [bz#1999236] - kvm-lsi53c895a-disable-reentrancy-detection-for-script-R.patch [bz#1999236] - kvm-bcm2835_property-disable-reentrancy-detection-for-io.patch [bz#1999236] - kvm-raven-disable-reentrancy-detection-for-iomem.patch [bz#1999236] - kvm-apic-disable-reentrancy-detection-for-apic-msi.patch [bz#1999236] - kvm-async-avoid-use-after-free-on-re-entrancy-guard.patch [bz#1999236] - kvm-memory-stricter-checks-prior-to-unsetting-engaged_in.patch [bz#1999236] - kvm-lsi53c895a-disable-reentrancy-detection-for-MMIO-reg.patch [bz#1999236] - kvm-hw-scsi-lsi53c895a-Fix-reentrancy-issues-in-the-LSI-.patch [bz#1999236] - kvm-target-i386-add-support-for-FLUSH_L1D-feature.patch [bz#2216203] - kvm-target-i386-add-support-for-FB_CLEAR-feature.patch [bz#2216203] - kvm-migration-Disable-postcopy-multifd-migration.patch [bz#2169733] - Resolves: bz#1999236 (CVE-2021-3750 virt:rhel/qemu-kvm: QEMU: hcd-ehci: DMA reentrancy issue leads to use-after-free [rhel-8]) - Resolves: bz#2216203 ([qemu-kvm]VM reports vulnerabilty to mmio_stale_data on patched host with microcode) - Resolves: bz#2169733 (Qemu on destination host crashed if migrate with postcopy and multifd enabled)
56 lines
2.0 KiB
Diff
56 lines
2.0 KiB
Diff
From c5cb3e97098834f9cf12b6c5260d9b43d68d64eb Mon Sep 17 00:00:00 2001
|
|
From: Jon Maloy <jmaloy@redhat.com>
|
|
Date: Tue, 9 May 2023 10:29:03 -0400
|
|
Subject: [PATCH 07/15] raven: disable reentrancy detection for iomem
|
|
|
|
RH-Author: Jon Maloy <jmaloy@redhat.com>
|
|
RH-MergeRequest: 277: memory: prevent dma-reentracy issues
|
|
RH-Bugzilla: 1999236
|
|
RH-Acked-by: Thomas Huth <thuth@redhat.com>
|
|
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
|
|
RH-Commit: [7/12] f41983390acba68043d386be090172dd17a5e58c (redhat/rhel/src/qemu-kvm/jons-qemu-kvm-2)
|
|
|
|
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1999236
|
|
Upstream: Merged
|
|
CVE: CVE-2021-3750
|
|
|
|
commit 6dad5a6810d9c60ca320d01276f6133bbcfa1fc7
|
|
Author: Alexander Bulekov <alxndr@bu.edu>
|
|
Date: Thu Apr 27 17:10:12 2023 -0400
|
|
|
|
raven: disable reentrancy detection for iomem
|
|
|
|
As the code is designed for re-entrant calls from raven_io_ops to
|
|
pci-conf, mark raven_io_ops as reentrancy-safe.
|
|
|
|
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
|
|
Message-Id: <20230427211013.2994127-8-alxndr@bu.edu>
|
|
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
|
|
|
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
|
|
---
|
|
hw/pci-host/raven.c | 7 +++++++
|
|
1 file changed, 7 insertions(+)
|
|
|
|
diff --git a/hw/pci-host/raven.c b/hw/pci-host/raven.c
|
|
index 6e514f75eb..245b1653e4 100644
|
|
--- a/hw/pci-host/raven.c
|
|
+++ b/hw/pci-host/raven.c
|
|
@@ -294,6 +294,13 @@ static void raven_pcihost_initfn(Object *obj)
|
|
memory_region_init(&s->pci_memory, obj, "pci-memory", 0x3f000000);
|
|
address_space_init(&s->pci_io_as, &s->pci_io, "raven-io");
|
|
|
|
+ /*
|
|
+ * Raven's raven_io_ops use the address-space API to access pci-conf-idx
|
|
+ * (which is also owned by the raven device). As such, mark the
|
|
+ * pci_io_non_contiguous as re-entrancy safe.
|
|
+ */
|
|
+ s->pci_io_non_contiguous.disable_reentrancy_guard = true;
|
|
+
|
|
/* CPU address space */
|
|
memory_region_add_subregion(address_space_mem, PCI_IO_BASE_ADDR,
|
|
&s->pci_io);
|
|
--
|
|
2.37.3
|
|
|