qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] xhci: guard xhci_kick_epctx against recursive calls for 2.8


From: Michael Tokarev
Subject: [Qemu-devel] xhci: guard xhci_kick_epctx against recursive calls for 2.8?
Date: Mon, 31 Jul 2017 13:40:48 +0300
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1

After applying commit 96d87bdda3919bb16f754b3d3fd1227e1f38f13c:

Author: Gerd Hoffmann <address@hidden>
Date:   Thu Feb 2 12:36:12 2017 +0100

    xhci: guard xhci_kick_epctx against recursive calls

    Track xhci_kick_epctx processing being active in a variable.  Check the
    variable before calling xhci_kick_epctx from xhci_kick_ep.  Add an
    assert to make sure we don't call recursively into xhci_kick_epctx.

    Cc: address@hidden
    Fixes: 94b037f2a451b3dc855f9f2c346e5049a361bd55
    Reported-by: Fabian Lesniak <address@hidden>
    Signed-off-by: Gerd Hoffmann <address@hidden>
    Message-id: address@hidden
    Message-id: address@hidden

to 2.8, to fix the CVE-2017-9375 in 2.8, it starts to fail at
startup with the assertion failure introduced in this commit:

 hw/usb/hcd-xhci.c:2169: xhci_kick_epctx: Assertion `!epctx->kick_active' 
failed.

The commit itself looks sane, but might be there were other
fixes before this one, on top of 2.8, required for it to
functioning properly?  I'm not sure I understand the xhci
machinery right.

Gerd, can you shed some light on this please?

Thank you!

/mjt



reply via email to

[Prev in Thread] Current Thread [Next in Thread]