Re: [Qemu-devel] xhci: guard xhci_kick_epctx against recursive calls for

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] xhci: guard xhci_kick_epctx against recursive calls for

From:	Gerd Hoffmann
Subject:	Re: [Qemu-devel] xhci: guard xhci_kick_epctx against recursive calls for 2.8?
Date:	Mon, 21 Aug 2017 14:11:43 +0200

> After applying commit 96d87bdda3919bb16f754b3d3fd1227e1f38f13c:
> 
> Author: Gerd Hoffmann <address@hidden>
> Date:   Thu Feb 2 12:36:12 2017 +0100
> 
>     xhci: guard xhci_kick_epctx against recursive calls

> to 2.8, to fix the CVE-2017-9375 in 2.8, it starts to fail at
> startup with the assertion failure introduced in this commit:
> 
>  hw/usb/hcd-xhci.c:2169: xhci_kick_epctx: Assertion `!epctx-
> >kick_active' failed.
> 
> The commit itself looks sane, but might be there were other
> fixes before this one, on top of 2.8, required for it to
> functioning properly?  I'm not sure I understand the xhci
> machinery right.

ddb603ab6c981c1d67cb42266fc700c33e5b2d8f probably.

13e8ff7abbf1dde46280536ab4fae5012661b8b0 should help too, for cherry-
picking without conflicts.

(just back from vacation).

cheers,
  Gerd

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-devel] xhci: guard xhci_kick_epctx against recursive calls for 2.8?, Gerd Hoffmann <=

Prev by Date: Re: [Qemu-devel] [PATCH 3/4] throttle: Remove throttle_fix_bucket() / throttle_unfix_bucket()
Next by Date: Re: [Qemu-devel] [PATCH v4 09/10] s390x/kvm: msi route fixup for non-pci
Previous by thread: [Qemu-devel] [PATCH 0/3] QEMU Backup Tool
Next by thread: Re: [Qemu-devel] xhci: move command stop and command abort flag check to the case when the crcr_low register is set
Index(es):
- Date
- Thread