qemu-kvm/kvm-raven-disable-reentrancy-detection-for-iomem.patch
Jon Maloy fc2ddd6b1c * Thu Jun 29 2023 Jon Maloy <jmaloy@redhat.com> - 6.2.0-36
- kvm-memory-prevent-dma-reentracy-issues.patch [bz#1999236]
- kvm-async-Add-an-optional-reentrancy-guard-to-the-BH-API.patch [bz#1999236]
- kvm-checkpatch-add-qemu_bh_new-aio_bh_new-checks.patch [bz#1999236]
- kvm-hw-replace-most-qemu_bh_new-calls-with-qemu_bh_new_g.patch [bz#1999236]
- kvm-lsi53c895a-disable-reentrancy-detection-for-script-R.patch [bz#1999236]
- kvm-bcm2835_property-disable-reentrancy-detection-for-io.patch [bz#1999236]
- kvm-raven-disable-reentrancy-detection-for-iomem.patch [bz#1999236]
- kvm-apic-disable-reentrancy-detection-for-apic-msi.patch [bz#1999236]
- kvm-async-avoid-use-after-free-on-re-entrancy-guard.patch [bz#1999236]
- kvm-memory-stricter-checks-prior-to-unsetting-engaged_in.patch [bz#1999236]
- kvm-lsi53c895a-disable-reentrancy-detection-for-MMIO-reg.patch [bz#1999236]
- kvm-hw-scsi-lsi53c895a-Fix-reentrancy-issues-in-the-LSI-.patch [bz#1999236]
- kvm-target-i386-add-support-for-FLUSH_L1D-feature.patch [bz#2216203]
- kvm-target-i386-add-support-for-FB_CLEAR-feature.patch [bz#2216203]
- kvm-migration-Disable-postcopy-multifd-migration.patch [bz#2169733]
- Resolves: bz#1999236
  (CVE-2021-3750 virt:rhel/qemu-kvm: QEMU: hcd-ehci: DMA reentrancy issue leads to use-after-free [rhel-8])
- Resolves: bz#2216203
  ([qemu-kvm]VM reports vulnerabilty to mmio_stale_data on patched host with microcode)
- Resolves: bz#2169733
  (Qemu on destination host crashed if migrate with postcopy and multifd enabled)
2023-06-29 21:05:35 +00:00

56 lines
2.0 KiB
Diff

From c5cb3e97098834f9cf12b6c5260d9b43d68d64eb Mon Sep 17 00:00:00 2001
From: Jon Maloy <jmaloy@redhat.com>
Date: Tue, 9 May 2023 10:29:03 -0400
Subject: [PATCH 07/15] raven: disable reentrancy detection for iomem
RH-Author: Jon Maloy <jmaloy@redhat.com>
RH-MergeRequest: 277: memory: prevent dma-reentracy issues
RH-Bugzilla: 1999236
RH-Acked-by: Thomas Huth <thuth@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
RH-Commit: [7/12] f41983390acba68043d386be090172dd17a5e58c (redhat/rhel/src/qemu-kvm/jons-qemu-kvm-2)
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1999236
Upstream: Merged
CVE: CVE-2021-3750
commit 6dad5a6810d9c60ca320d01276f6133bbcfa1fc7
Author: Alexander Bulekov <alxndr@bu.edu>
Date: Thu Apr 27 17:10:12 2023 -0400
raven: disable reentrancy detection for iomem
As the code is designed for re-entrant calls from raven_io_ops to
pci-conf, mark raven_io_ops as reentrancy-safe.
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20230427211013.2994127-8-alxndr@bu.edu>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
---
hw/pci-host/raven.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/hw/pci-host/raven.c b/hw/pci-host/raven.c
index 6e514f75eb..245b1653e4 100644
--- a/hw/pci-host/raven.c
+++ b/hw/pci-host/raven.c
@@ -294,6 +294,13 @@ static void raven_pcihost_initfn(Object *obj)
memory_region_init(&s->pci_memory, obj, "pci-memory", 0x3f000000);
address_space_init(&s->pci_io_as, &s->pci_io, "raven-io");
+ /*
+ * Raven's raven_io_ops use the address-space API to access pci-conf-idx
+ * (which is also owned by the raven device). As such, mark the
+ * pci_io_non_contiguous as re-entrancy safe.
+ */
+ s->pci_io_non_contiguous.disable_reentrancy_guard = true;
+
/* CPU address space */
memory_region_add_subregion(address_space_mem, PCI_IO_BASE_ADDR,
&s->pci_io);
--
2.37.3