[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] xhci: guard xhci_kick_epctx against recursive calls for 2.8
From: |
Michael Tokarev |
Subject: |
[Qemu-devel] xhci: guard xhci_kick_epctx against recursive calls for 2.8? |
Date: |
Mon, 31 Jul 2017 13:40:48 +0300 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 |
After applying commit 96d87bdda3919bb16f754b3d3fd1227e1f38f13c:
Author: Gerd Hoffmann <address@hidden>
Date: Thu Feb 2 12:36:12 2017 +0100
xhci: guard xhci_kick_epctx against recursive calls
Track xhci_kick_epctx processing being active in a variable. Check the
variable before calling xhci_kick_epctx from xhci_kick_ep. Add an
assert to make sure we don't call recursively into xhci_kick_epctx.
Cc: address@hidden
Fixes: 94b037f2a451b3dc855f9f2c346e5049a361bd55
Reported-by: Fabian Lesniak <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
Message-id: address@hidden
Message-id: address@hidden
to 2.8, to fix the CVE-2017-9375 in 2.8, it starts to fail at
startup with the assertion failure introduced in this commit:
hw/usb/hcd-xhci.c:2169: xhci_kick_epctx: Assertion `!epctx->kick_active'
failed.
The commit itself looks sane, but might be there were other
fixes before this one, on top of 2.8, required for it to
functioning properly? I'm not sure I understand the xhci
machinery right.
Gerd, can you shed some light on this please?
Thank you!
/mjt
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Qemu-devel] xhci: guard xhci_kick_epctx against recursive calls for 2.8?,
Michael Tokarev <=