[PATCH-for-9.0 v2 0/4] hw/virtio: Protect from more DMA re-entrancy bugs

Philippe Mathieu-Daudé posted 4 patches 3 weeks, 1 day ago
Patches applied successfully
git fetch https://github.com/patchew-project/qemu tags/patchew/20240409105537.18308-1-philmd@linaro.org
Maintainers: Laurent Vivier <lvivier@redhat.com>, Amit Shah <amit@kernel.org>, "Michael S. Tsirkin" <mst@redhat.com>, "Marc-André Lureau" <marcandre.lureau@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>, Gerd Hoffmann <kraxel@redhat.com>, "Gonglei (Arei)" <arei.gonglei@huawei.com>
[PATCH-for-9.0 v2 0/4] hw/virtio: Protect from more DMA re-entrancy bugs
Posted by Philippe Mathieu-Daudé 3 weeks, 1 day ago
Fixes for CVE-2024-3446.

Gerd suggested using the transport guard to protect the
device from DMA re-entrancy abuses.

Since v1:
- Take a DeviceState argument, not VirtIODevice, so it
  works seamlessly with CCW devices (actually the original
  code from Gerd).
- Build and test :>

I'll send a PR with these patches later today.

Regards,

Phil.

Philippe Mathieu-Daudé (4):
  hw/virtio: Introduce virtio_bh_new_guarded() helper
  hw/display/virtio-gpu: Protect from DMA re-entrancy bugs
  hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs
  hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs

 include/hw/virtio/virtio.h  |  7 +++++++
 hw/char/virtio-serial-bus.c |  3 +--
 hw/display/virtio-gpu.c     |  6 ++----
 hw/virtio/virtio-crypto.c   |  4 ++--
 hw/virtio/virtio.c          | 10 ++++++++++
 5 files changed, 22 insertions(+), 8 deletions(-)

-- 
2.41.0
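
A simplified C model of why the guard named in the cover letter is the transport's rather than the virtio device's own (an added example, not QEMU source and not code from this series). It assumes the re-entrancy check at MMIO dispatch is made against the device that owns the memory region, which for virtio is the transport; every identifier is hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model, not QEMU source; every name below is hypothetical. */
typedef struct { bool engaged_in_io; } Guard;
typedef struct Dev {
    Guard guard;
    struct Dev *transport;   /* owner of the MMIO region (assumption) */
    int depth, max_depth;
} Dev;

static void device_bh(Dev *vdev);

/* MMIO dispatch: the check uses the guard of the region's owner. */
static void mmio_write(Dev *owner, Dev *vdev)
{
    if (owner->guard.engaged_in_io)
        return;              /* re-entrant access rejected */
    device_bh(vdev);         /* stands in for any re-entry into device code */
}

/* Bottom half whose DMA target is the device's own MMIO region. */
static void device_bh(Dev *vdev)
{
    if (++vdev->depth > vdev->max_depth)
        vdev->max_depth = vdev->depth;
    if (vdev->depth < 3)     /* bound the unguarded recursion so the model ends */
        mmio_write(vdev->transport, vdev);
    vdev->depth--;
}

/* which: 0 = no guard, 1 = device's own guard, 2 = transport's guard.
 * Returns the deepest nesting of device code that was reached. */
int max_nesting(int which)
{
    Dev transport = {0}, vdev = {0};
    Guard *g = which == 2 ? &transport.guard : which == 1 ? &vdev.guard : NULL;

    vdev.transport = &transport;
    if (g) g->engaged_in_io = true;   /* a guarded BH holds its guard while it runs */
    device_bh(&vdev);
    if (g) g->engaged_in_io = false;
    return vdev.max_depth;
}

int main(void)
{
    printf("none=%d device=%d transport=%d\n", max_nesting(0), max_nesting(1), max_nesting(2));
    return 0;
}
```

Only the transport's guard stops the nested entry in this model; holding the device's own guard leaves the dispatch check unaffected.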


Re: [PATCH-for-9.0 v2 0/4] hw/virtio: Protect from more DMA re-entrancy bugs
Posted by Michael S. Tsirkin 3 weeks, 1 day ago
On Tue, Apr 09, 2024 at 12:55:33PM +0200, Philippe Mathieu-Daudé wrote:
> Fixes for CVE-2024-3446.
> 
> Gerd suggested using the transport guard to protect the
> device from DMA re-entrancy abuses.
> 
> Since v1:
> - Take a DeviceState argument, not VirtIODevice, so it
>   works seamlessly with CCW devices (actually the original
>   code from Gerd).
> - Build and test :>
> 
> I'll send a PR with these patches later today.

I reviewed these too now

Reviewed-by: Michael S. Tsirkin <mst@redhat.com>

> Regards,
> 
> Phil.
> 
> Philippe Mathieu-Daudé (4):
>   hw/virtio: Introduce virtio_bh_new_guarded() helper
>   hw/display/virtio-gpu: Protect from DMA re-entrancy bugs
>   hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs
>   hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs
> 
>  include/hw/virtio/virtio.h  |  7 +++++++
>  hw/char/virtio-serial-bus.c |  3 +--
>  hw/display/virtio-gpu.c     |  6 ++----
>  hw/virtio/virtio-crypto.c   |  4 ++--
>  hw/virtio/virtio.c          | 10 ++++++++++
>  5 files changed, 22 insertions(+), 8 deletions(-)
> 
> -- 
> 2.41.0

Re: [PATCH-for-9.0 v2 0/4] hw/virtio: Protect from more DMA re-entrancy bugs
Posted by Philippe Mathieu-Daudé 3 weeks, 1 day ago
On 9/4/24 13:33, Michael S. Tsirkin wrote:
> On Tue, Apr 09, 2024 at 12:55:33PM +0200, Philippe Mathieu-Daudé wrote:
>> Fixes for CVE-2024-3446.
>>
>> Gerd suggested using the transport guard to protect the
>> device from DMA re-entrancy abuses.
>>
>> Since v1:
>> - Take a DeviceState argument, not VirtIODevice, so it
>>    works seamlessly with CCW devices (actually the original
>>    code from Gerd).
>> - Build and test :>
>>
>> I'll send a PR with these patches later today.
> 
> I reviewed these too now
> 
> Reviewed-by: Michael S. Tsirkin <mst@redhat.com>

Thanks, series queued.