Re: [OE-core] [poky][dunfell][PATCH] qemu: Add fix for CVE-2020-13791

Mon, 05 Apr 2021 15:24:40 -0700 

Sorry, this patch does not apply:

Applying: qemu: Add fix for CVE-2020-13791
Using index info to reconstruct a base tree...
error: patch failed: meta/recipes-devtools/qemu/qemu.inc:54
error: meta/recipes-devtools/qemu/qemu.inc: patch does not apply
error: Did you hand edit your patch?
It does not apply to blobs recorded in its index.
Patch failed at 0001 qemu: Add fix for CVE-2020-13791

It appears that something in your patch submission process is
expanding tabs into spaces.

Perhaps you could try using git-send-email for patch submission.

Steve

On Sun, Apr 4, 2021 at 7:41 PM Rahul Taya <rahul.t...@kpit.com> wrote:
>
> Added below patch to fix CVE-2020-13791
>
> CVE-2020-13791.patch
>
> Signed-off-by: Rahul Taya <rahul.t...@kpit.com>
> ---
>  meta/recipes-devtools/qemu/qemu.inc           |  1 +
>  .../qemu/qemu/CVE-2020-13791.patch            | 52 +++++++++++++++++++
>  2 files changed, 53 insertions(+)
>  create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2020-13791.patch
>
> diff --git a/meta/recipes-devtools/qemu/qemu.inc 
> b/meta/recipes-devtools/qemu/qemu.inc
> index 5e8d3e09ff..7f8053cdd5 100644
> --- a/meta/recipes-devtools/qemu/qemu.inc
> +++ b/meta/recipes-devtools/qemu/qemu.inc
> @@ -54,6 +54,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
>            file://CVE-2020-24352.patch \
>            file://CVE-2020-25723.patch \
>            file://CVE-2021-20203.patch \
> +          file://CVE-2020-13791.patch \
>            "
>  UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
>
> diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2020-13791.patch 
> b/meta/recipes-devtools/qemu/qemu/CVE-2020-13791.patch
> new file mode 100644
> index 0000000000..6582abce59
> --- /dev/null
> +++ b/meta/recipes-devtools/qemu/qemu/CVE-2020-13791.patch
> @@ -0,0 +1,52 @@
> +From f7d6a635fa3b7797f9d072e280f065bf3cfcd24d Mon Sep 17 00:00:00 2001
> +From: Prasad J Pandit <p...@fedoraproject.org>
> +Date: Thu, 4 Jun 2020 17:05:25 +0530
> +Subject: [PATCH] pci: assert configuration access is within bounds
> +MIME-Version: 1.0
> +Content-Type: text/plain; charset=UTF-8
> +Content-Transfer-Encoding: 8bit
> +
> +While accessing PCI configuration bytes, assert that
> +'address + len' is within PCI configuration space.
> +
> +Generally it is within bounds. This is more of a defensive
> +assert, in case a buggy device was to send 'address' which
> +may go out of bounds.
> +
> +Suggested-by: Philippe Mathieu-Daudé <phi...@redhat.com>
> +Signed-off-by: Prasad J Pandit <p...@fedoraproject.org>
> +Message-Id: <20200604113525.58898-1-ppan...@redhat.com>
> +Reviewed-by: Michael S. Tsirkin <m...@redhat.com>
> +Signed-off-by: Michael S. Tsirkin <m...@redhat.com>
> +
> +CVE: CVE-2020-13791
> +Upstream-Status: 
> Backport[https://github.com/qemu/qemu/commit/f7d6a635fa3b7797f9d072e280f065bf3cfcd24d.patch]
> +Comment: No hunks refreshed and no warnings were seen while applying patch.
> +Affected version: >=4.2.0 but patch already present in Master and Gatesgarth 
> branches.
> +Signed-off-by: Rahul Taya <rahul.t...@kpit.com>
> +---
> + hw/pci/pci.c | 4 ++++
> + 1 file changed, 4 insertions(+)
> +
> +diff --git a/hw/pci/pci.c b/hw/pci/pci.c
> +index 70c66965f56..7bf2ae6d92a 100644
> +--- a/hw/pci/pci.c
> ++++ b/hw/pci/pci.c
> +@@ -1381,6 +1381,8 @@ uint32_t pci_default_read_config(PCIDevice *d,
> + {
> +     uint32_t val = 0;
> +
> ++    assert(address + len <= pci_config_size(d));
> ++
> +     if (pci_is_express_downstream_port(d) &&
> +         ranges_overlap(address, len, d->exp.exp_cap + PCI_EXP_LNKSTA, 2)) {
> +         pcie_sync_bridge_lnk(d);
> +@@ -1394,6 +1396,8 @@ void pci_default_write_config(PCIDevice *d, uint32_t 
> addr, uint32_t val_in, int
> +     int i, was_irq_disabled = pci_irq_disabled(d);
> +     uint32_t val = val_in;
> +
> ++    assert(addr + l <= pci_config_size(d));
> ++
> +     for (i = 0; i < l; val >>= 8, ++i) {
> +         uint8_t wmask = d->wmask[addr + i];
> +         uint8_t w1cmask = d->w1cmask[addr + i];
> --
> 2.17.1
>
> This message contains information that may be privileged or confidential and 
> is the property of the KPIT Technologies Ltd. It is intended only for the 
> person to whom it is addressed. If you are not the intended recipient, you 
> are not authorized to read, print, retain copy, disseminate, distribute, or 
> use this message or any part thereof. If you receive this message in error, 
> please notify the sender immediately and delete all copies of this message. 
> KPIT Technologies Ltd. does not accept any liability for virus infected mails.
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#150230): 
https://lists.openembedded.org/g/openembedded-core/message/150230
Mute This Topic: https://lists.openembedded.org/mt/81857998/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to