 Re: [PATCH v2 1/2] net: Provide MemReentrancyGuard * to qemu_new_nic()
 
To: Philippe Mathieu-Daudé <philmd@xxxxxxxxxx>
From: BALATON Zoltan <balaton@xxxxxxxxxx>
Date: Fri, 26 Apr 2024 18:02:54 +0200 (CEST)
Cc: Akihiko Odaki <akihiko.odaki@xxxxxxxxxx>, Thomas Huth <th.huth@xxxxxxxxx>,
    Prasad Pandit <pj.pandit@xxxxxxxx>,
    Mauro Matteo Cascella <mcascell@xxxxxxxxxx>,
    Alexander Bulekov <alxndr@xxxxxx>,
    Dmitry Fleytman <dmitry.fleytman@xxxxxxxxx>,
    Beniamino Galvani <b.galvani@xxxxxxxxx>,
    Peter Maydell <peter.maydell@xxxxxxxxxx>,
    Strahinja Jankovic <strahinja.p.jankovic@xxxxxxxxx>,
    Jason Wang <jasowang@xxxxxxxxxx>,
    "Edgar E. Iglesias" <edgar.iglesias@xxxxxxxxx>,
    Alistair Francis <alistair@xxxxxxxxxxxxx>, Stefan Weil <sw@xxxxxxxxxxx>,
    Cédric Le Goater <clg@xxxxxxxx>,
    Andrew Jeffery <andrew@xxxxxxxx>, Joel Stanley <joel@xxxxxxxxx>,
    Richard Henderson <richard.henderson@xxxxxxxxxx>,
    Helge Deller <deller@xxxxxx>,
    Sriram Yagnaraman <sriram.yagnaraman@xxxxxxxx>,
    Thomas Huth <huth@xxxxxxxxxxxxx>,
    Aleksandar Rikalo <aleksandar.rikalo@xxxxxxxxxx>,
    Subbaraya Sundeep <sundeep.lkml@xxxxxxxxx>, Jan Kiszka <jan.kiszka@xxxxxx>,
    Tyrone Ting <kfting@xxxxxxxxxxx>, Hao Wu <wuhaotsh@xxxxxxxxxx>,
    Max Filippov <jcmvbkbc@xxxxxxxxx>, Jiri Pirko <jiri@xxxxxxxxxxx>,
    Daniel Henrique Barboza <danielhb413@xxxxxxxxx>,
    David Gibson <david@xxxxxxxxxxxxxxxxxxxxx>, Greg Kurz <groug@xxxxxxxx>,
    Harsh Prateek Bora <harshpb@xxxxxxxxxxxxx>,
    Sven Schnelle <svens@xxxxxxxxxxxxxx>,
    "Michael S. Tsirkin" <mst@xxxxxxxxxx>,
    Stefano Stabellini <sstabellini@xxxxxxxxxx>,
    Anthony Perard <anthony.perard@xxxxxxxxxx>, Paul Durrant <paul@xxxxxxx>,
    Rob Herring <robh@xxxxxxxxxx>, Gerd Hoffmann <kraxel@xxxxxxxxxx>,
    "qemu-arm@xxxxxxxxxx" <qemu-arm@xxxxxxxxxx>,
    "qemu-devel@xxxxxxxxxx" <qemu-devel@xxxxxxxxxx>,
    "qemu-ppc@xxxxxxxxxx" <qemu-ppc@xxxxxxxxxx>,
    "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
Delivery-date: Fri, 26 Apr 2024 16:03:17 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
 
On Fri, 26 Apr 2024, Philippe Mathieu-Daudé wrote:
 
On 26/4/24 14:37, Akihiko Odaki wrote:
 
On 2024/04/24 21:32, Thomas Huth wrote:
 
On 24/04/2024 12.41, Prasad Pandit wrote:
On Wednesday, 24 April, 2024 at 03:36:01 pm IST, Philippe Mathieu-Daudé wrote:
On 1/6/23 05:18, Akihiko Odaki wrote:
 
Recently MemReentrancyGuard was added to DeviceState to record that the
device is engaging in I/O. The network device backend needs to update it
when delivering a packet to a device.
In preparation for such a change, add MemReentrancyGuard * as a
parameter of qemu_new_nic().
 
A user on IRC asked if this patch is related/fixing CVE-2021-20255,
any clue?
 
* CVE-2021-20255 bug: infinite recursion is pointing at a different fix patch.
   -> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-20255
* And this patch below has a different issue tagged
   -> https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08312.html
   Fixes: CVE-2023-3019
* They look different, the former is an infinite recursion issue and the latter is a use-after-free one.

I assume the eepro reentrancy issue has been fixed with:
  https://gitlab.com/qemu-project/qemu/-/issues/556
  i.e.:
  https://gitlab.com/qemu-project/qemu/-/commit/c40ca2301c7603524eaddb5308a3
 
I agree. Commit c40ca2301c7603524eaddb5308a3 should be what fixed 
CVE-2021-20255, not this patch.
 
Thank you all for clarifying!
 
$ git log -p c40ca2301c7603524eaddb5308a3 --
fatal: bad revision 'c40ca2301c7603524eaddb5308a3'

It seems to actually be commit a2e1753b8054344f32cf94f31c6399a58794a380

Regards,
BALATON Zoltan