Re: [Qemu-devel] [PULL for-2.9 0/7] cirrus: more blitter security fixes.
From: Peter Maydell
Subject: Re: [Qemu-devel] [PULL for-2.9 0/7] cirrus: more blitter security fixes.
Date: Thu, 16 Mar 2017 17:53:21 +0000
On 16 March 2017 at 09:30, Gerd Hoffmann <address@hidden> wrote:
> Hi,
>
> Another pile of cirrus blitter fixes, including CVE fixes for known
> issues, so clearly 2.9 material.
>
> Patches 6+7 implement a new approach to blitter memory access sanity
> checking. We pass around offsets not pointers, and at the place where
> the actual memory access happens we mask the offset to the valid
> range before calculating the pointer.
>
> That should put an end to security holes due to blit_is_unsafe() sanity
> checks failing to calculate some special case correctly, or due to
> blit_is_unsafe() calls missing, and kill any dragons which might still
> be lurking in the code. In theory this even obsoletes blit_is_unsafe(),
> but I don't feel like ripping it out right away ...
>
> please pull,
> Gerd
>
> The following changes since commit 1883ff34b540daacae948f493b0ba525edf5f642:
>
> Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
> (2017-03-15 18:44:05 +0000)
>
> are available in the git repository at:
>
>
> git://git.kraxel.org/qemu tags/pull-cirrus-20170316-1
>
> for you to fetch changes up to ffaf857778286ca54e3804432a2369a279e73aa7:
>
> cirrus: stop passing around src pointers in the blitter (2017-03-16
> 08:58:16 +0100)
>
> ----------------------------------------------------------------
> cirrus: blitter fixes.
>
Applied, thanks.
-- PMM
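
The approach described in the quoted pull request for patches 6+7 (pass offsets rather than pointers, and mask the offset at the point of the memory access), sketched as an added example that is neither QEMU's code nor part of the original mail. The `ToyVga` struct, the helper names and the power-of-two `VRAM_SIZE` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Toy model, not QEMU code: names and sizes here are assumptions. */
#define VRAM_SIZE 4096u              /* power of two, so a mask is exact */
#define VRAM_MASK (VRAM_SIZE - 1u)
typedef struct {
    uint8_t guard_lo[64];            /* canaries on both sides of vram */
    uint8_t vram[VRAM_SIZE];
    uint8_t guard_hi[64];
} ToyVga;

/* The only two places where an offset becomes a memory access. */
static uint8_t vram_read8(const ToyVga *s, uint32_t off) { return s->vram[off & VRAM_MASK]; }
static void vram_write8(ToyVga *s, uint32_t off, uint8_t v) { s->vram[off & VRAM_MASK] = v; }

/* Copy a rectangle; offsets and pitches are guest-controlled and unvalidated. */
static void toy_blit_copy(ToyVga *s, uint32_t dst, uint32_t src, int32_t dst_pitch,
                          int32_t src_pitch, uint32_t width, uint32_t height)
{
    for (uint32_t y = 0; y < height; y++) {
        for (uint32_t x = 0; x < width; x++)
            vram_write8(s, dst + x, vram_read8(s, src + x));
        dst += (uint32_t)dst_pitch;  /* unsigned wraparound is defined */
        src += (uint32_t)src_pitch;
    }
}

static void toy_init(ToyVga *s)
{
    memset(s, 0xA5, sizeof(*s));     /* fill guards with the canary */
    memset(s->vram, 0, sizeof(s->vram));
}

/* Returns 1 if no access escaped the vram array. */
static int guards_intact(const ToyVga *s)
{
    for (size_t i = 0; i < sizeof(s->guard_lo); i++)
        if (s->guard_lo[i] != 0xA5 || s->guard_hi[i] != 0xA5) return 0;
    return 1;
}

int main(void)
{
    ToyVga s;
    toy_init(&s);
    /* Constructed worst case: starts near the end, walks backwards past 0. */
    toy_blit_copy(&s, VRAM_SIZE - 8, 16, -64, 64, 32, 200);
    return guards_intact(&s) ? 0 : 1;
}
```

Because the mask is applied inside the accessors, a blit whose parameters were never checked still cannot touch memory outside `vram`; out-of-range offsets wrap within the buffer instead.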