From f14ea0bd2596f94ad926009411b8ffda9c2c2cda Mon Sep 17 00:00:00 2001
From: jiangdongxu <jiangdongxu1@huawei.com>
Date: Thu, 10 Feb 2022 22:42:23 +0800
Subject: [PATCH] bugfix: fix mmio information leak and ehci vm escape 0-day
vulnerability
Signed-off-by: Yutao Ai <aiyutao@huawei.com>
Signed-off-by: jiangdongxu <jiangdongxu1@huawei.com>
---
hw/usb/core.c | 20 ++++++++++++++++++--
hw/usb/hcd-ehci.c | 2 ++
2 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/hw/usb/core.c b/hw/usb/core.c
index 51b36126ca..a62826e051 100644
--- a/hw/usb/core.c
+++ b/hw/usb/core.c
@@ -206,7 +206,15 @@ static void do_token_in(USBDevice *s, USBPacket *p)
case SETUP_STATE_DATA:
if (s->setup_buf[0] & USB_DIR_IN) {
- int len = s->setup_len - s->setup_index;
+ int len;
+ if (s->setup_len > sizeof(s->data_buf)) {
+ fprintf(stderr,
+ "usb_generic_handle_packet: ctrl buffer too small do_token_in(%d > %zu)\n",
+ s->setup_len, sizeof(s->data_buf));
+ p->status = USB_RET_STALL;
+ return;
+ }
+ len = s->setup_len - s->setup_index;
if (len > p->iov.size) {
len = p->iov.size;
}
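Review bot: In do_token_in the new guard bounds only `s->setup_len`; `s->setup_index` is still unchecked before `len = s->setup_len - s->setup_index;`, so an index larger than setup_len produces a negative len going into the `len > p->iov.size` clamp. Consider rejecting a setup_index outside 0..setup_len in the same guard. Two smaller points: the message prefix says usb_generic_handle_packet although the check sits in do_token_in, and an unthrottled fprintf(stderr, ...) on a path driven by guest-supplied packets can flood the host log, so a trace event or rate-limited report would be a better fit.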
@@ -244,7 +252,15 @@ static void do_token_out(USBDevice *s, USBPacket *p)
case SETUP_STATE_DATA:
if (!(s->setup_buf[0] & USB_DIR_IN)) {
- int len = s->setup_len - s->setup_index;
+ int len;
+ if (s->setup_len > sizeof(s->data_buf)) {
+ fprintf(stderr,
+ "usb_generic_handle_packet: ctrl buffer too small do_token_out(%d > %zu)\n",
+ s->setup_len, sizeof(s->data_buf));
+ p->status = USB_RET_STALL;
+ return;
+ }
+ len = s->setup_len - s->setup_index;
if (len > p->iov.size) {
len = p->iov.size;
}
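Review bot: The guard in do_token_out is a line-for-line copy of the one added to do_token_in, differing only in the function name inside the format string; please factor it into one helper so the two paths cannot drift apart. The helper should also carry a comment on the comparison `s->setup_len > sizeof(s->data_buf)`: setup_len is printed with %d, so it is a signed int compared against a size_t, and the check rejects negative values only through the implicit conversion to unsigned. Making that explicit (for example `s->setup_len < 0 ||` in front) would keep the intent clear to later readers, which matters most here because this is the direction that writes into data_buf.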
diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
index 6caa7ac6c2..1415107315 100644
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -612,6 +612,8 @@ static void ehci_free_queue(EHCIQueue *q, const char *warn)
ehci_trace_guest_bug(q->ehci, warn);
}
QTAILQ_REMOVE(head, q, next);
+ memset(q, 0, sizeof(*q));
+ *(volatile char *)q = *(volatile char *)q;
g_free(q);
}
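Review bot: The line `*(volatile char *)q = *(volatile char *)q;` after the memset in ehci_free_queue touches only the first byte of the object, so it does not guarantee that the compiler keeps the rest of `memset(q, 0, sizeof(*q));` ahead of g_free(q); a dead-store-eliminating compiler may still drop most of the clear. Use a zeroing primitive that is defined not to be elided (explicit_bzero where available, or memset followed by a compiler memory barrier) and add a comment saying why the queue is wiped before it is freed. Also note that clearing the object only limits what a stale reference can read afterwards; nothing in this hunk invalidates other pointers to q, so the commit message should say whether the dangling reference itself is fixed elsewhere.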
--
2.27.0