[PATCH v4 0/3] hw/block/fdc: Fix CVE-2021-20196

Philippe Mathieu-Daudé posted 3 patches 1 week, 6 days ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20211124161536.631563-1-philmd@redhat.com
hw/block/fdc.c         | 23 ++++++++++++++++++++---
tests/qtest/fdc-test.c | 38 ++++++++++++++++++++++++++++++++++++++
2 files changed, 58 insertions(+), 3 deletions(-)

[PATCH v4 0/3] hw/block/fdc: Fix CVE-2021-20196

Posted by Philippe Mathieu-Daudé 1 week, 6 days ago
Since v3:
- Preliminary extract blk_create_empty_drive()
- qtest checks qtest_check_clang_sanitizer() enabled
- qtest uses null-co:// driver instead of file

Philippe Mathieu-Daudé (3):
  hw/block/fdc: Extract blk_create_empty_drive()
  hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196
  tests/qtest/fdc-test: Add a regression test for CVE-2021-20196

 hw/block/fdc.c         | 23 ++++++++++++++++++++---
 tests/qtest/fdc-test.c | 38 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 58 insertions(+), 3 deletions(-)

-- 
2.33.1


Re: [PATCH v4 0/3] hw/block/fdc: Fix CVE-2021-20196

Posted by John Snow 1 week, 6 days ago
On Wed, Nov 24, 2021 at 11:15 AM Philippe Mathieu-Daudé <philmd@redhat.com>
wrote:

> Since v3:
> - Preliminary extract blk_create_empty_drive()
> - qtest checks qtest_check_clang_sanitizer() enabled
> - qtest uses null-co:// driver instead of file
>
> Philippe Mathieu-Daudé (3):
>   hw/block/fdc: Extract blk_create_empty_drive()
>   hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196
>   tests/qtest/fdc-test: Add a regression test for CVE-2021-20196
>
>  hw/block/fdc.c         | 23 ++++++++++++++++++++---
>  tests/qtest/fdc-test.c | 38 ++++++++++++++++++++++++++++++++++++++
>  2 files changed, 58 insertions(+), 3 deletions(-)
>
> --
> 2.33.1
>
>
I'm testing this now. I'm going to take your word for it. If Hanna is fine
with the block-layer components of the fix, I'll probably take it, but I
will be sending a patch to remove myself as maintainer in the process,
since I don't have the time to do the "proper fix" for these devices, and
haven't for quite some time.

--js