Message ID | 1398690327-7838-6-git-send-email-mst@redhat.com |
---|---|
State | New |
On 28 April 2014 14:08, Michael S. Tsirkin <mst@redhat.com> wrote:
> Incoming migration with stellaris_enet is unsafe.
> It's being reworked, but for now, simply block it
> since no one is using it anyway.
> Block outgoing migration for good measure.
>
> CVE-2013-4532
>
> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
> ---
> hw/net/stellaris_enet.c | 11 ++++++++++-
> 1 file changed, 10 insertions(+), 1 deletion(-)

This is going to clash with the stellaris patches I just sent out, so I don't really want to apply it to master. You could apply it just to stable if you like, I suppose, but personally I wouldn't bother.

thanks
-- PMM
On Mon, Apr 28, 2014 at 04:08:26PM +0300, Michael S. Tsirkin wrote: > Incoming migration with stellaris_enet is unsafe. > It's being reworked, but for now, simply block it > since noone is using it anyway. > Block outgoing migration for good measure. > > CVE-2013-4532 > > Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Note: this one is here so we can backport it to qemu-stable. 2.1 will have the code rewritten so no real need for this patch. > --- > hw/net/stellaris_enet.c | 11 ++++++++++- > 1 file changed, 10 insertions(+), 1 deletion(-) > > diff --git a/hw/net/stellaris_enet.c b/hw/net/stellaris_enet.c > index d04e6a4..3b2f83f 100644 > --- a/hw/net/stellaris_enet.c > +++ b/hw/net/stellaris_enet.c > @@ -8,6 +8,7 @@ > */ > #include "hw/sysbus.h" > #include "net/net.h" > +#include "migration/migration.h" > #include <zlib.h> > > //#define DEBUG_STELLARIS_ENET 1 > @@ -75,6 +76,7 @@ typedef struct { > NICConf conf; > qemu_irq irq; > MemoryRegion mmio; > + Error *migration_blocker; > } stellaris_enet_state; > > static void stellaris_enet_update(stellaris_enet_state *s) > @@ -360,7 +362,7 @@ static int stellaris_enet_load(QEMUFile *f, void *opaque, int version_id) > stellaris_enet_state *s = (stellaris_enet_state *)opaque; > int i; > > - if (version_id != 1) > + if (1) > return -EINVAL; > > s->ris = qemu_get_be32(f); > @@ -421,6 +423,10 @@ static int stellaris_enet_init(SysBusDevice *sbd) > stellaris_enet_reset(s); > register_savevm(dev, "stellaris_enet", -1, 1, > stellaris_enet_save, stellaris_enet_load, s); > + > + error_setg(&s->migration_blocker, > + "stellaris_enet does not support migration"); > + migrate_add_blocker(s->migration_blocker); > return 0; > } 
> > @@ -428,6 +434,9 @@ static void stellaris_enet_unrealize(DeviceState *dev, Error **errp) > { > stellaris_enet_state *s = STELLARIS_ENET(dev); > > + migrate_del_blocker(s->migration_blocker); > + error_free(s->migration_blocker); > + > unregister_savevm(DEVICE(s), "stellaris_enet", s); > > memory_region_destroy(&s->mmio); > -- > MST >
On Mon, Apr 28, 2014 at 02:09:50PM +0100, Peter Maydell wrote:
> On 28 April 2014 14:08, Michael S. Tsirkin <mst@redhat.com> wrote:
> > Incoming migration with stellaris_enet is unsafe.
> > It's being reworked, but for now, simply block it
> > since no one is using it anyway.
> > Block outgoing migration for good measure.
> >
> > CVE-2013-4532
> >
> > Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
> > ---
> > hw/net/stellaris_enet.c | 11 ++++++++++-
> > 1 file changed, 10 insertions(+), 1 deletion(-)
>
> This is going to clash with the stellaris patches
> I just sent out, so I don't really want to apply it
> to master.

Yes, 5/5 is just for stable, sorry about the confusion.

> You could apply it just to stable if you
> like, I suppose, but personally I wouldn't bother.
>
> thanks
> -- PMM

I'll leave that for mdroth to decide - he was the one that reported the original CVE.
diff --git a/hw/net/stellaris_enet.c b/hw/net/stellaris_enet.c index d04e6a4..3b2f83f 100644 --- a/hw/net/stellaris_enet.c +++ b/hw/net/stellaris_enet.c @@ -8,6 +8,7 @@ */ #include "hw/sysbus.h" #include "net/net.h" +#include "migration/migration.h" #include <zlib.h> //#define DEBUG_STELLARIS_ENET 1 @@ -75,6 +76,7 @@ typedef struct { NICConf conf; qemu_irq irq; MemoryRegion mmio; + Error *migration_blocker; } stellaris_enet_state; static void stellaris_enet_update(stellaris_enet_state *s) @@ -360,7 +362,7 @@ static int stellaris_enet_load(QEMUFile *f, void *opaque, int version_id) stellaris_enet_state *s = (stellaris_enet_state *)opaque; int i; - if (version_id != 1) + if (1) return -EINVAL; s->ris = qemu_get_be32(f); @@ -421,6 +423,10 @@ static int stellaris_enet_init(SysBusDevice *sbd) stellaris_enet_reset(s); register_savevm(dev, "stellaris_enet", -1, 1, stellaris_enet_save, stellaris_enet_load, s); + + error_setg(&s->migration_blocker, + "stellaris_enet does not support migration"); + migrate_add_blocker(s->migration_blocker); return 0; } @@ -428,6 +434,9 @@ static void stellaris_enet_unrealize(DeviceState *dev, Error **errp) { stellaris_enet_state *s = STELLARIS_ENET(dev); + migrate_del_blocker(s->migration_blocker); + error_free(s->migration_blocker); + unregister_savevm(DEVICE(s), "stellaris_enet", s); memory_region_destroy(&s->mmio);
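Review bot: in the stellaris_enet_load hunk, `if (1)` followed by `return -EINVAL;` turns the reads that follow, starting at `s->ris = qemu_get_be32(f);`, into unreachable code and leaves version_id unused, with nothing in the function saying why. A comment at that line naming CVE-2013-4532 and stating that incoming state is rejected on purpose until the rework lands would keep a later cleanup from restoring the `version_id != 1` check, and a plain unconditional `return -EINVAL;` reads more clearly than a constant condition.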
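Review bot: in the stellaris_enet_init hunk, the blocker is added right after `register_savevm(...)`, which still registers stellaris_enet_save and stellaris_enet_load even though the load handler now always fails. A comment next to `migrate_add_blocker(s->migration_blocker);` tying it to CVE-2013-4532 and to the change in stellaris_enet_load would document that the two belong together and should be removed together once the device's migration code is reworked.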
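Review bot: in the stellaris_enet_unrealize hunk, `error_free(s->migration_blocker);` leaves s->migration_blocker pointing at freed memory. Setting the field to NULL on the next line would make any later use of it fail visibly instead of touching a freed Error object.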
Incoming migration with stellaris_enet is unsafe.
It's being reworked, but for now, simply block it
since no one is using it anyway.
Block outgoing migration for good measure.

CVE-2013-4532

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
hw/net/stellaris_enet.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)