I'm getting oe-selftest failures with this patch: https://errors.yoctoproject.org/Errors/Details/761408/
"Failed: qemux86 does not shutdown within timeout(120)" Steve On Fri, Mar 29, 2024 at 12:38 AM Urade, Yogita via lists.openembedded.org <Yogita.Urade=windriver....@lists.openembedded.org> wrote: > > From: Yogita Urade <yogita.ur...@windriver.com> > > A DMA reentrancy issue leading to a use-after-free error was > found in the e1000e NIC emulation code in QEMU. This issue > could allow a privileged guest user to crash the QEMU process > on the host, resulting in a denial of service. > > Fix indent issue in qemu.inc file > > References: > https://nvd.nist.gov/vuln/detail/CVE-2023-3019 > > Signed-off-by: Yogita Urade <yogita.ur...@windriver.com> > --- > meta/recipes-devtools/qemu/qemu.inc | 19 +- > .../qemu/qemu/CVE-2023-3019-0001.patch | 135 ++++ > .../qemu/qemu/CVE-2023-3019-0002.patch | 610 ++++++++++++++++++ > .../qemu/qemu/CVE-2023-3019-0003.patch | 88 +++ > 4 files changed, 844 insertions(+), 8 deletions(-) > create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0001.patch > create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0002.patch > create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0003.patch > > diff --git a/meta/recipes-devtools/qemu/qemu.inc > b/meta/recipes-devtools/qemu/qemu.inc > index ad6b310137..08ce72546d 100644 > --- a/meta/recipes-devtools/qemu/qemu.inc > +++ b/meta/recipes-devtools/qemu/qemu.inc > @@ -97,17 +97,20 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ > file://CVE-2023-3301.patch \ > file://CVE-2023-3255.patch \ > file://CVE-2023-2861.patch \ > - file://CVE-2020-14394.patch \ > - file://CVE-2023-3354.patch \ > - file://CVE-2023-3180.patch \ > - file://CVE-2021-3638.patch \ > - file://CVE-2023-1544.patch \ > - file://CVE-2023-5088.patch \ > - file://CVE-2024-24474.patch \ > - file://CVE-2023-6693.patch \ > + file://CVE-2020-14394.patch \ > + file://CVE-2023-3354.patch \ > + file://CVE-2023-3180.patch \ > + file://CVE-2021-3638.patch \ > + file://CVE-2023-1544.patch \ > + file://CVE-2023-5088.patch \ > + file://CVE-2024-24474.patch \ > + file://CVE-2023-6693.patch \ > > file://scsi-disk-allow-MODE-SELECT-block-desriptor-to-set-the-block-size.patch > \ > > file://scsi-disk-ensure-block-size-is-non-zero-and-changes-limited-to-bits-8-15.patch > \ > file://CVE-2023-42467.patch \ > + file://CVE-2023-3019-0001.patch \ > + file://CVE-2023-3019-0002.patch \ > + file://CVE-2023-3019-0003.patch \ > " > UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar" > > diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0001.patch > b/meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0001.patch > new file mode 100644 > index 0000000000..c1ef645eaf > --- /dev/null > +++ b/meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0001.patch > @@ -0,0 +1,135 @@ > +From a2e1753b8054344f32cf94f31c6399a58794a380 Mon Sep 17 00:00:00 2001 > +From: Alexander Bulekov <alx...@bu.edu> > +Date: Wed, 27 Mar 2024 09:41:44 +0000 > +Subject: [PATCH] memory: prevent dma-reentracy issues > + > +Add a flag to the DeviceState, when a device is engaged in PIO/MMIO/DMA. > +This flag is set/checked prior to calling a device's MemoryRegion > +handlers, and set when device code initiates DMA. The purpose of this > +flag is to prevent two types of DMA-based reentrancy issues: > + > +1.) mmio -> dma -> mmio case > +2.) bh -> dma write -> mmio case > + > +These issues have led to problems such as stack-exhaustion and > +use-after-frees. > + > +Summary of the problem from Peter Maydell: > +https://lore.kernel.org/qemu-devel/cafeaca_23vc7he3iam-jva6w38lk4hjowae5kcknhprd5fp...@mail.gmail.com > + > +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/62 > +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/540 > +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/541 > +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/556 > +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/557 > +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/827 > +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1282 > +Resolves: CVE-2023-0330 > + > +Signed-off-by: Alexander Bulekov <alx...@bu.edu> > +Reviewed-by: Thomas Huth <th...@redhat.com> > +Message-Id: <20230427211013.2994127-2-alx...@bu.edu> > +[thuth: Replace warn_report() with warn_report_once()] > +Signed-off-by: Thomas Huth <th...@redhat.com> > + > +CVE: CVE-2023-3019 > +Upstream-Status: Backport > [https://github.com/qemu/qemu/commit/a2e1753b8054344f32cf94f31c6399a58794a380] > + > +Signed-off-by: Yogita Urade <yogita.ur...@windriver.com> > +--- > + include/exec/memory.h | 5 +++++ > + include/hw/qdev-core.h | 7 +++++++ > + softmmu/memory.c | 16 ++++++++++++++++ > + 3 files changed, 28 insertions(+) > + > +diff --git a/include/exec/memory.h b/include/exec/memory.h > +index 20f1b2737..e089f90f9 100644 > +--- a/include/exec/memory.h > ++++ b/include/exec/memory.h > +@@ -734,6 +734,8 @@ struct MemoryRegion { > + bool is_iommu; > + RAMBlock *ram_block; > + Object *owner; > ++ /* owner as TYPE_DEVICE. Used for re-entrancy checks in MR access > hotpath */ > ++ DeviceState *dev; > + > + const MemoryRegionOps *ops; > + void *opaque; > +@@ -757,6 +759,9 @@ struct MemoryRegion { > + unsigned ioeventfd_nb; > + MemoryRegionIoeventfd *ioeventfds; > + RamDiscardManager *rdm; /* Only for RAM */ > ++ > ++ /* For devices designed to perform re-entrant IO into their own IO MRs > */ > ++ bool disable_reentrancy_guard; > + }; > + > + struct IOMMUMemoryRegion { > +diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h > +index 20d306659..14226f860 100644 > +--- a/include/hw/qdev-core.h > ++++ b/include/hw/qdev-core.h > +@@ -162,6 +162,10 @@ struct NamedClockList { > + QLIST_ENTRY(NamedClockList) node; > + }; > + > ++typedef struct { > ++ bool engaged_in_io; > ++} MemReentrancyGuard; > ++ > + /** > + * DeviceState: > + * @realized: Indicates whether the device has been fully constructed. > +@@ -193,6 +197,9 @@ struct DeviceState { > + int instance_id_alias; > + int alias_required_for_version; > + ResettableState reset; > ++ > ++ /* Is the device currently in mmio/pio/dma? Used to prevent re-entrancy > */ > ++ MemReentrancyGuard mem_reentrancy_guard; > + }; > + > + struct DeviceListener { > +diff --git a/softmmu/memory.c b/softmmu/memory.c > +index 7340e19ff..102f0a424 100644 > +--- a/softmmu/memory.c > ++++ b/softmmu/memory.c > +@@ -541,6 +541,18 @@ static MemTxResult access_with_adjusted_size(hwaddr > addr, > + access_size_max = 4; > + } > + > ++ /* Do not allow more than one simultaneous access to a device's IO > Regions */ > ++ if (mr->dev && !mr->disable_reentrancy_guard && > ++ !mr->ram_device && !mr->ram && !mr->rom_device && !mr->readonly) { > ++ if (mr->dev->mem_reentrancy_guard.engaged_in_io) { > ++ warn_report_once("Blocked re-entrant IO on MemoryRegion: " > ++ "%s at addr: 0x%" HWADDR_PRIX, > ++ memory_region_name(mr), addr); > ++ return MEMTX_ACCESS_ERROR; > ++ } > ++ mr->dev->mem_reentrancy_guard.engaged_in_io = true; > ++ } > ++ > + /* FIXME: support unaligned access? */ > + access_size = MAX(MIN(size, access_size_max), access_size_min); > + access_mask = MAKE_64BIT_MASK(0, access_size * 8); > +@@ -555,6 +567,9 @@ static MemTxResult access_with_adjusted_size(hwaddr addr, > + access_mask, attrs); > + } > + } > ++ if (mr->dev) { > ++ mr->dev->mem_reentrancy_guard.engaged_in_io = false; > ++ } > + return r; > + } > + > +@@ -1169,6 +1184,7 @@ static void memory_region_do_init(MemoryRegion *mr, > + } > + mr->name = g_strdup(name); > + mr->owner = owner; > ++ mr->dev = (DeviceState *) object_dynamic_cast(mr->owner, TYPE_DEVICE); > + mr->ram_block = NULL; > + > + if (name) { > +-- > +2.40.0 > diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0002.patch > b/meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0002.patch > new file mode 100644 > index 0000000000..130477bc34 > --- /dev/null > +++ b/meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0002.patch > @@ -0,0 +1,610 @@ > +From 7d0fefdf81f5973334c344f6b8e1896c309dff66 Mon Sep 17 00:00:00 2001 > +From: Akihiko Odaki <akihiko.od...@daynix.com> > +Date: Fri, 29 Mar 2024 07:53:12 +0000 > +Subject: [PATCH] net: Provide MemReentrancyGuard * to qemu_new_nic() > + > +Recently MemReentrancyGuard was added to DeviceState to record that the > +device is engaging in I/O. The network device backend needs to update it > +when delivering a packet to a device. > + > +In preparation for such a change, add MemReentrancyGuard * as a > +parameter of qemu_new_nic(). > + > +Signed-off-by: Akihiko Odaki <akihiko.od...@daynix.com> > +Reviewed-by: Alexander Bulekov <alx...@bu.edu> > +Signed-off-by: Jason Wang <jasow...@redhat.com> > + > +CVE: CVE-2023-3019 > +Upstream-Status: Backport > [https://github.com/qemu/qemu/commit/7d0fefdf81f5973334c344f6b8e1896c309dff66] > + > +Signed-off-by: Yogita Urade <yogita.ur...@windriver.com> > +--- > + hw/arm/musicpal.c | 3 ++- > + hw/net/allwinner-sun8i-emac.c | 3 ++- > + hw/net/allwinner_emac.c | 3 ++- > + hw/net/cadence_gem.c | 3 ++- > + hw/net/dp8393x.c | 3 ++- > + hw/net/e1000.c | 5 +++-- > + hw/net/e1000e.c | 2 +- > + hw/net/eepro100.c | 4 +++- > + hw/net/etraxfs_eth.c | 3 ++- > + hw/net/fsl_etsec/etsec.c | 3 ++- > + hw/net/ftgmac100.c | 3 ++- > + hw/net/i82596.c | 2 +- > + hw/net/imx_fec.c | 2 +- > + hw/net/lan9118.c | 3 ++- > + hw/net/mcf_fec.c | 3 ++- > + hw/net/mipsnet.c | 3 ++- > + hw/net/msf2-emac.c | 3 ++- > + hw/net/ne2000-isa.c | 3 ++- > + hw/net/ne2000-pci.c | 3 ++- > + hw/net/npcm7xx_emc.c | 3 ++- > + hw/net/opencores_eth.c | 3 ++- > + hw/net/pcnet.c | 3 ++- > + hw/net/rocker/rocker_fp.c | 4 ++-- > + hw/net/rtl8139.c | 3 ++- > + hw/net/smc91c111.c | 3 ++- > + hw/net/spapr_llan.c | 3 ++- > + hw/net/stellaris_enet.c | 3 ++- > + hw/net/sungem.c | 2 +- > + hw/net/sunhme.c | 3 ++- > + hw/net/tulip.c | 3 ++- > + hw/net/virtio-net.c | 6 ++++-- > + hw/net/vmxnet3.c | 2 +- > + hw/net/xen_nic.c | 3 ++- > + hw/net/xgmac.c | 3 ++- > + hw/net/xilinx_axienet.c | 3 ++- > + hw/net/xilinx_ethlite.c | 3 ++- > + hw/usb/dev-network.c | 3 ++- > + include/net/net.h | 1 + > + net/net.c | 1 + > + 39 files changed, 75 insertions(+), 40 deletions(-) > + > +diff --git a/hw/arm/musicpal.c b/hw/arm/musicpal.c > +index 2680ec55b..15fc7fee4 100644 > +--- a/hw/arm/musicpal.c > ++++ b/hw/arm/musicpal.c > +@@ -418,7 +418,8 @@ static void mv88w8618_eth_realize(DeviceState *dev, > Error **errp) > + > + address_space_init(&s->dma_as, s->dma_mr, "emac-dma"); > + s->nic = qemu_new_nic(&net_mv88w8618_info, &s->conf, > +- object_get_typename(OBJECT(dev)), dev->id, s); > ++ object_get_typename(OBJECT(dev)), dev->id, > ++ &dev->mem_reentrancy_guard, s); > + } > + > + static const VMStateDescription mv88w8618_eth_vmsd = { > +diff --git a/hw/net/allwinner-sun8i-emac.c b/hw/net/allwinner-sun8i-emac.c > +index ecc0245fe..cf93b2fda 100644 > +--- a/hw/net/allwinner-sun8i-emac.c > ++++ b/hw/net/allwinner-sun8i-emac.c > +@@ -816,7 +816,8 @@ static void allwinner_sun8i_emac_realize(DeviceState > *dev, Error **errp) > + > + qemu_macaddr_default_if_unset(&s->conf.macaddr); > + s->nic = qemu_new_nic(&net_allwinner_sun8i_emac_info, &s->conf, > +- object_get_typename(OBJECT(dev)), dev->id, s); > ++ object_get_typename(OBJECT(dev)), dev->id, > ++ &dev->mem_reentrancy_guard, s); > + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); > + } > + > +diff --git a/hw/net/allwinner_emac.c b/hw/net/allwinner_emac.c > +index ddddf35c4..b3d73143b 100644 > +--- a/hw/net/allwinner_emac.c > ++++ b/hw/net/allwinner_emac.c > +@@ -453,7 +453,8 @@ static void aw_emac_realize(DeviceState *dev, Error > **errp) > + > + qemu_macaddr_default_if_unset(&s->conf.macaddr); > + s->nic = qemu_new_nic(&net_aw_emac_info, &s->conf, > +- object_get_typename(OBJECT(dev)), dev->id, s); > ++ object_get_typename(OBJECT(dev)), dev->id, > ++ &dev->mem_reentrancy_guard, s); > + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); > + > + fifo8_create(&s->rx_fifo, RX_FIFO_SIZE); > +diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c > +index 24b3a0ff6..cb61a7641 100644 > +--- a/hw/net/cadence_gem.c > ++++ b/hw/net/cadence_gem.c > +@@ -1633,7 +1633,8 @@ static void gem_realize(DeviceState *dev, Error **errp) > + qemu_macaddr_default_if_unset(&s->conf.macaddr); > + > + s->nic = qemu_new_nic(&net_gem_info, &s->conf, > +- object_get_typename(OBJECT(dev)), dev->id, s); > ++ object_get_typename(OBJECT(dev)), dev->id, > ++ &dev->mem_reentrancy_guard, s); > + > + if (s->jumbo_max_len > MAX_FRAME_SIZE) { > + error_setg(errp, "jumbo-max-len is greater than %d", > +diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c > +index 45b954e46..abfcc6f69 100644 > +--- a/hw/net/dp8393x.c > ++++ b/hw/net/dp8393x.c > +@@ -943,7 +943,8 @@ static void dp8393x_realize(DeviceState *dev, Error > **errp) > + "dp8393x-regs", SONIC_REG_COUNT << s->it_shift); > + > + s->nic = qemu_new_nic(&net_dp83932_info, &s->conf, > +- object_get_typename(OBJECT(dev)), dev->id, s); > ++ object_get_typename(OBJECT(dev)), dev->id, > ++ &dev->mem_reentrancy_guard, s); > + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); > + > + s->watchdog = timer_new_ns(QEMU_CLOCK_VIRTUAL, dp8393x_watchdog, s); > +diff --git a/hw/net/e1000.c b/hw/net/e1000.c > +index f5bc81296..0404e3c16 100644 > +--- a/hw/net/e1000.c > ++++ b/hw/net/e1000.c > +@@ -1733,8 +1733,9 @@ static void pci_e1000_realize(PCIDevice *pci_dev, > Error **errp) > + macaddr); > + > + d->nic = qemu_new_nic(&net_e1000_info, &d->conf, > +- object_get_typename(OBJECT(d)), dev->id, d); > +- > ++ object_get_typename(OBJECT(d)), dev->id, > ++ &dev->mem_reentrancy_guard, d); > ++ > + qemu_format_nic_info_str(qemu_get_queue(d->nic), macaddr); > + > + d->autoneg_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, > e1000_autoneg_timer, d); > +diff --git a/hw/net/e1000e.c b/hw/net/e1000e.c > +index ac96f7665..b6e9b0e17 100644 > +--- a/hw/net/e1000e.c > ++++ b/hw/net/e1000e.c > +@@ -328,7 +328,7 @@ e1000e_init_net_peer(E1000EState *s, PCIDevice *pci_dev, > uint8_t *macaddr) > + int i; > + > + s->nic = qemu_new_nic(&net_e1000e_info, &s->conf, > +- object_get_typename(OBJECT(s)), dev->id, s); > ++ object_get_typename(OBJECT(s)), dev->id, > &dev->mem_reentrancy_guard, s); > + > + s->core.max_queue_num = s->conf.peers.queues ? s->conf.peers.queues - 1 > : 0; > + > +diff --git a/hw/net/eepro100.c b/hw/net/eepro100.c > +index 679f52f80..871d9a095 100644 > +--- a/hw/net/eepro100.c > ++++ b/hw/net/eepro100.c > +@@ -1874,7 +1874,9 @@ static void e100_nic_realize(PCIDevice *pci_dev, Error > **errp) > + nic_reset(s); > + > + s->nic = qemu_new_nic(&net_eepro100_info, &s->conf, > +- object_get_typename(OBJECT(pci_dev)), > pci_dev->qdev.id, s); > ++ object_get_typename(OBJECT(pci_dev)), > ++ pci_dev->qdev.id, > ++ &pci_dev->qdev.mem_reentrancy_guard, s); > + > + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); > + TRACE(OTHER, logout("%s\n", qemu_get_queue(s->nic)->info_str)); > +diff --git a/hw/net/etraxfs_eth.c b/hw/net/etraxfs_eth.c > +index 1b82aec79..ba57a978d 100644 > +--- a/hw/net/etraxfs_eth.c > ++++ b/hw/net/etraxfs_eth.c > +@@ -618,7 +618,8 @@ static void etraxfs_eth_realize(DeviceState *dev, Error > **errp) > + > + qemu_macaddr_default_if_unset(&s->conf.macaddr); > + s->nic = qemu_new_nic(&net_etraxfs_info, &s->conf, > +- object_get_typename(OBJECT(s)), dev->id, s); > ++ object_get_typename(OBJECT(s)), dev->id, > ++ &dev->mem_reentrancy_guard, s); > + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); > + > + s->phy.read = tdk_read; > +diff --git a/hw/net/fsl_etsec/etsec.c b/hw/net/fsl_etsec/etsec.c > +index bd9d62b55..f790613b5 100644 > +--- a/hw/net/fsl_etsec/etsec.c > ++++ b/hw/net/fsl_etsec/etsec.c > +@@ -391,7 +391,8 @@ static void etsec_realize(DeviceState *dev, Error **errp) > + eTSEC *etsec = ETSEC_COMMON(dev); > + > + etsec->nic = qemu_new_nic(&net_etsec_info, &etsec->conf, > +- object_get_typename(OBJECT(dev)), dev->id, > etsec); > ++ object_get_typename(OBJECT(dev)), dev->id, > ++ &dev->mem_reentrancy_guard, etsec); > + qemu_format_nic_info_str(qemu_get_queue(etsec->nic), > etsec->conf.macaddr.a); > + > + etsec->ptimer = ptimer_init(etsec_timer_hit, etsec, > PTIMER_POLICY_DEFAULT); > +diff --git a/hw/net/ftgmac100.c b/hw/net/ftgmac100.c > +index 83ef0a783..346485ab4 100644 > +--- a/hw/net/ftgmac100.c > ++++ b/hw/net/ftgmac100.c > +@@ -1118,7 +1118,8 @@ static void ftgmac100_realize(DeviceState *dev, Error > **errp) > + qemu_macaddr_default_if_unset(&s->conf.macaddr); > + > + s->nic = qemu_new_nic(&net_ftgmac100_info, &s->conf, > +- object_get_typename(OBJECT(dev)), dev->id, s); > ++ object_get_typename(OBJECT(dev)), dev->id, > ++ &dev->mem_reentrancy_guard, s); > + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); > + } > + > +diff --git a/hw/net/i82596.c b/hw/net/i82596.c > +index ec21e2699..9edf0ec49 100644 > +--- a/hw/net/i82596.c > ++++ b/hw/net/i82596.c > +@@ -743,7 +743,7 @@ void i82596_common_init(DeviceState *dev, I82596State > *s, NetClientInfo *info) > + qemu_macaddr_default_if_unset(&s->conf.macaddr); > + } > + s->nic = qemu_new_nic(info, &s->conf, object_get_typename(OBJECT(dev)), > +- dev->id, s); > ++ dev->id, &dev->mem_reentrancy_guard, s); > + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); > + > + if (USE_TIMER) { > +diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c > +index 0db9aaf76..74e7e0d12 100644 > +--- a/hw/net/imx_fec.c > ++++ b/hw/net/imx_fec.c > +@@ -1318,7 +1318,7 @@ static void imx_eth_realize(DeviceState *dev, Error > **errp) > + > + s->nic = qemu_new_nic(&imx_eth_net_info, &s->conf, > + object_get_typename(OBJECT(dev)), > +- dev->id, s); > ++ dev->id, &dev->mem_reentrancy_guard, s); > + > + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); > + } > +diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c > +index 6aff424cb..942bce9ae 100644 > +--- a/hw/net/lan9118.c > ++++ b/hw/net/lan9118.c > +@@ -1354,7 +1354,8 @@ static void lan9118_realize(DeviceState *dev, Error > **errp) > + qemu_macaddr_default_if_unset(&s->conf.macaddr); > + > + s->nic = qemu_new_nic(&net_lan9118_info, &s->conf, > +- object_get_typename(OBJECT(dev)), dev->id, s); > ++ object_get_typename(OBJECT(dev)), dev->id, > ++ &dev->mem_reentrancy_guard, s); > + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); > + s->eeprom[0] = 0xa5; > + for (i = 0; i < 6; i++) { > +diff --git a/hw/net/mcf_fec.c b/hw/net/mcf_fec.c > +index 25e3e453a..a6be7bf41 100644 > +--- a/hw/net/mcf_fec.c > ++++ b/hw/net/mcf_fec.c > +@@ -643,7 +643,8 @@ static void mcf_fec_realize(DeviceState *dev, Error > **errp) > + mcf_fec_state *s = MCF_FEC_NET(dev); > + > + s->nic = qemu_new_nic(&net_mcf_fec_info, &s->conf, > +- object_get_typename(OBJECT(dev)), dev->id, s); > ++ object_get_typename(OBJECT(dev)), dev->id, > ++ &dev->mem_reentrancy_guard, s); > + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); > + } > + > +diff --git a/hw/net/mipsnet.c b/hw/net/mipsnet.c > +index 2ade72dea..8e925de86 100644 > +--- a/hw/net/mipsnet.c > ++++ b/hw/net/mipsnet.c > +@@ -255,7 +255,8 @@ static void mipsnet_realize(DeviceState *dev, Error > **errp) > + sysbus_init_irq(sbd, &s->irq); > + > + s->nic = qemu_new_nic(&net_mipsnet_info, &s->conf, > +- object_get_typename(OBJECT(dev)), dev->id, s); > ++ object_get_typename(OBJECT(dev)), dev->id, > ++ &dev->mem_reentrancy_guard, s); > + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); > + } > + > +diff --git a/hw/net/msf2-emac.c b/hw/net/msf2-emac.c > +index 9278fdce0..1efa3dbf0 100644 > +--- a/hw/net/msf2-emac.c > ++++ b/hw/net/msf2-emac.c > +@@ -527,7 +527,8 @@ static void msf2_emac_realize(DeviceState *dev, Error > **errp) > + > + qemu_macaddr_default_if_unset(&s->conf.macaddr); > + s->nic = qemu_new_nic(&net_msf2_emac_info, &s->conf, > +- object_get_typename(OBJECT(dev)), dev->id, s); > ++ object_get_typename(OBJECT(dev)), dev->id, > ++ &dev->mem_reentrancy_guard, s); > + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); > + } > + > +diff --git a/hw/net/ne2000-isa.c b/hw/net/ne2000-isa.c > +index dd6f6e34d..30bd20c29 100644 > +--- a/hw/net/ne2000-isa.c > ++++ b/hw/net/ne2000-isa.c > +@@ -74,7 +74,8 @@ static void isa_ne2000_realizefn(DeviceState *dev, Error > **errp) > + ne2000_reset(s); > + > + s->nic = qemu_new_nic(&net_ne2000_isa_info, &s->c, > +- object_get_typename(OBJECT(dev)), dev->id, s); > ++ object_get_typename(OBJECT(dev)), dev->id, > ++ &dev->mem_reentrancy_guard, s); > + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->c.macaddr.a); > + } > + > +diff --git a/hw/net/ne2000-pci.c b/hw/net/ne2000-pci.c > +index 9e5d10859..4f8a69908 100644 > +--- a/hw/net/ne2000-pci.c > ++++ b/hw/net/ne2000-pci.c > +@@ -71,7 +71,8 @@ static void pci_ne2000_realize(PCIDevice *pci_dev, Error > **errp) > + > + s->nic = qemu_new_nic(&net_ne2000_info, &s->c, > + object_get_typename(OBJECT(pci_dev)), > +- pci_dev->qdev.id, s); > ++ pci_dev->qdev.id, > ++ &pci_dev->qdev.mem_reentrancy_guard, s); > + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->c.macaddr.a); > + } > + > +diff --git a/hw/net/npcm7xx_emc.c b/hw/net/npcm7xx_emc.c > +index df2efe1bf..82e063ae9 100644 > +--- a/hw/net/npcm7xx_emc.c > ++++ b/hw/net/npcm7xx_emc.c > +@@ -806,7 +806,8 @@ static void npcm7xx_emc_realize(DeviceState *dev, Error > **errp) > + > + qemu_macaddr_default_if_unset(&emc->conf.macaddr); > + emc->nic = qemu_new_nic(&net_npcm7xx_emc_info, &emc->conf, > +- object_get_typename(OBJECT(dev)), dev->id, emc); > ++ object_get_typename(OBJECT(dev)), dev->id, > ++ &dev->mem_reentrancy_guard, emc); > + qemu_format_nic_info_str(qemu_get_queue(emc->nic), emc->conf.macaddr.a); > + } > + > +diff --git a/hw/net/opencores_eth.c b/hw/net/opencores_eth.c > +index 0b3dc3146..f96d6ea2c 100644 > +--- a/hw/net/opencores_eth.c > ++++ b/hw/net/opencores_eth.c > +@@ -732,7 +732,8 @@ static void sysbus_open_eth_realize(DeviceState *dev, > Error **errp) > + sysbus_init_irq(sbd, &s->irq); > + > + s->nic = qemu_new_nic(&net_open_eth_info, &s->conf, > +- object_get_typename(OBJECT(s)), dev->id, s); > ++ object_get_typename(OBJECT(s)), dev->id, > ++ &dev->mem_reentrancy_guard, s); > + } > + > + static void qdev_open_eth_reset(DeviceState *dev) > +diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c > +index dcd3fc494..da910a70b 100644 > +--- a/hw/net/pcnet.c > ++++ b/hw/net/pcnet.c > +@@ -1718,7 +1718,8 @@ void pcnet_common_init(DeviceState *dev, PCNetState > *s, NetClientInfo *info) > + s->poll_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pcnet_poll_timer, s); > + > + qemu_macaddr_default_if_unset(&s->conf.macaddr); > +- s->nic = qemu_new_nic(info, &s->conf, object_get_typename(OBJECT(dev)), > dev->id, s); > ++ s->nic = qemu_new_nic(info, &s->conf, object_get_typename(OBJECT(dev)), > ++ dev->id, &dev->mem_reentrancy_guard, s); > + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); > + > + /* Initialize the PROM */ > +diff --git a/hw/net/rocker/rocker_fp.c b/hw/net/rocker/rocker_fp.c > +index cbeed65bd..0d21948ad 100644 > +--- a/hw/net/rocker/rocker_fp.c > ++++ b/hw/net/rocker/rocker_fp.c > +@@ -241,8 +241,8 @@ FpPort *fp_port_alloc(Rocker *r, char *sw_name, > + port->conf.bootindex = -1; > + port->conf.peers = *peers; > + > +- port->nic = qemu_new_nic(&fp_port_info, &port->conf, > +- sw_name, NULL, port); > ++ port->nic = qemu_new_nic(&fp_port_info, &port->conf, sw_name, NULL, > ++ &DEVICE(r)->mem_reentrancy_guard, port); > + qemu_format_nic_info_str(qemu_get_queue(port->nic), > + port->conf.macaddr.a); > + > +diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c > +index 90b4fc63c..43d65d725 100644 > +--- a/hw/net/rtl8139.c > ++++ b/hw/net/rtl8139.c > +@@ -3398,7 +3398,8 @@ static void pci_rtl8139_realize(PCIDevice *dev, Error > **errp) > + s->eeprom.contents[9] = s->conf.macaddr.a[4] | s->conf.macaddr.a[5] << > 8; > + > + s->nic = qemu_new_nic(&net_rtl8139_info, &s->conf, > +- object_get_typename(OBJECT(dev)), d->id, s); > ++ object_get_typename(OBJECT(dev)), d->id, > ++ &d->mem_reentrancy_guard, s); > + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); > + > + s->cplus_txbuffer = NULL; > +diff --git a/hw/net/smc91c111.c b/hw/net/smc91c111.c > +index ad778cd8f..4eda971ef 100644 > +--- a/hw/net/smc91c111.c > ++++ b/hw/net/smc91c111.c > +@@ -783,7 +783,8 @@ static void smc91c111_realize(DeviceState *dev, Error > **errp) > + sysbus_init_irq(sbd, &s->irq); > + qemu_macaddr_default_if_unset(&s->conf.macaddr); > + s->nic = qemu_new_nic(&net_smc91c111_info, &s->conf, > +- object_get_typename(OBJECT(dev)), dev->id, s); > ++ object_get_typename(OBJECT(dev)), dev->id, > ++ &dev->mem_reentrancy_guard, s); > + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); > + /* ??? Save/restore. */ > + } > +diff --git a/hw/net/spapr_llan.c b/hw/net/spapr_llan.c > +index a6876a936..475d5f3a3 100644 > +--- a/hw/net/spapr_llan.c > ++++ b/hw/net/spapr_llan.c > +@@ -325,7 +325,8 @@ static void spapr_vlan_realize(SpaprVioDevice *sdev, > Error **errp) > + memcpy(&dev->perm_mac.a, &dev->nicconf.macaddr.a, > sizeof(dev->perm_mac.a)); > + > + dev->nic = qemu_new_nic(&net_spapr_vlan_info, &dev->nicconf, > +- object_get_typename(OBJECT(sdev)), > sdev->qdev.id, dev); > ++ object_get_typename(OBJECT(sdev)), > sdev->qdev.id, > ++ &sdev->qdev.mem_reentrancy_guard, dev); > + qemu_format_nic_info_str(qemu_get_queue(dev->nic), > dev->nicconf.macaddr.a); > + > + dev->rxp_timer = timer_new_us(QEMU_CLOCK_VIRTUAL, > spapr_vlan_flush_rx_queue, > +diff --git a/hw/net/stellaris_enet.c b/hw/net/stellaris_enet.c > +index 8dd60783d..6768a6912 100644 > +--- a/hw/net/stellaris_enet.c > ++++ b/hw/net/stellaris_enet.c > +@@ -492,7 +492,8 @@ static void stellaris_enet_realize(DeviceState *dev, > Error **errp) > + qemu_macaddr_default_if_unset(&s->conf.macaddr); > + > + s->nic = qemu_new_nic(&net_stellaris_enet_info, &s->conf, > +- object_get_typename(OBJECT(dev)), dev->id, s); > ++ object_get_typename(OBJECT(dev)), dev->id, > ++ &dev->mem_reentrancy_guard, s); > + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); > + } > + > +diff --git a/hw/net/sungem.c b/hw/net/sungem.c > +index 3684a4d73..c12d44e9d 100644 > +--- a/hw/net/sungem.c > ++++ b/hw/net/sungem.c > +@@ -1361,7 +1361,7 @@ static void sungem_realize(PCIDevice *pci_dev, Error > **errp) > + qemu_macaddr_default_if_unset(&s->conf.macaddr); > + s->nic = qemu_new_nic(&net_sungem_info, &s->conf, > + object_get_typename(OBJECT(dev)), > +- dev->id, s); > ++ dev->id, &dev->mem_reentrancy_guard, s); > + qemu_format_nic_info_str(qemu_get_queue(s->nic), > + s->conf.macaddr.a); > + } > +diff --git a/hw/net/sunhme.c b/hw/net/sunhme.c > +index fc34905f8..fa98528d7 100644 > +--- a/hw/net/sunhme.c > ++++ b/hw/net/sunhme.c > +@@ -892,7 +892,8 @@ static void sunhme_realize(PCIDevice *pci_dev, Error > **errp) > + > + qemu_macaddr_default_if_unset(&s->conf.macaddr); > + s->nic = qemu_new_nic(&net_sunhme_info, &s->conf, > +- object_get_typename(OBJECT(d)), d->id, s); > ++ object_get_typename(OBJECT(d)), d->id, > ++ &d->mem_reentrancy_guard, s); > + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); > + } > + > +diff --git a/hw/net/tulip.c b/hw/net/tulip.c > +index 5f8badefc..ccaa26fd8 100644 > +--- a/hw/net/tulip.c > ++++ b/hw/net/tulip.c > +@@ -985,7 +985,8 @@ static void pci_tulip_realize(PCIDevice *pci_dev, Error > **errp) > + > + s->nic = qemu_new_nic(&net_tulip_info, &s->c, > + object_get_typename(OBJECT(pci_dev)), > +- pci_dev->qdev.id, s); > ++ pci_dev->qdev.id, > ++ &pci_dev->qdev.mem_reentrancy_guard, s); > + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->c.macaddr.a); > + } > + > +diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c > +index 42e66697f..f916813bc 100644 > +--- a/hw/net/virtio-net.c > ++++ b/hw/net/virtio-net.c > +@@ -3473,10 +3473,12 @@ static void virtio_net_device_realize(DeviceState > *dev, Error **errp) > + * Happen when virtio_net_set_netclient_name has been called. > + */ > + n->nic = qemu_new_nic(&net_virtio_info, &n->nic_conf, > +- n->netclient_type, n->netclient_name, n); > ++ n->netclient_type, n->netclient_name, > ++ &dev->mem_reentrancy_guard, n); > + } else { > + n->nic = qemu_new_nic(&net_virtio_info, &n->nic_conf, > +- object_get_typename(OBJECT(dev)), dev->id, n); > ++ object_get_typename(OBJECT(dev)), dev->id, > ++ &dev->mem_reentrancy_guard, n); > + } > + > + for (i = 0; i < n->max_queue_pairs; i++) { > +diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c > +index f65af4e9e..d4df039c5 100644 > +--- a/hw/net/vmxnet3.c > ++++ b/hw/net/vmxnet3.c > +@@ -2078,7 +2078,7 @@ static void vmxnet3_net_init(VMXNET3State *s) > + > + s->nic = qemu_new_nic(&net_vmxnet3_info, &s->conf, > + object_get_typename(OBJECT(s)), > +- d->id, s); > ++ d->id, &d->mem_reentrancy_guard, s); > + > + s->peer_has_vhdr = vmxnet3_peer_has_vnet_hdr(s); > + s->tx_sop = true; > +diff --git a/hw/net/xen_nic.c b/hw/net/xen_nic.c > +index 5c815b4f0..3d0b7820d 100644 > +--- a/hw/net/xen_nic.c > ++++ b/hw/net/xen_nic.c > +@@ -294,7 +294,8 @@ static int net_init(struct XenLegacyDevice *xendev) > + } > + > + netdev->nic = qemu_new_nic(&net_xen_info, &netdev->conf, > +- "xen", NULL, netdev); > ++ "xen", NULL, > ++ &xendev->qdev.mem_reentrancy_guard, netdev); > + > + snprintf(qemu_get_queue(netdev->nic)->info_str, > + sizeof(qemu_get_queue(netdev->nic)->info_str), > +diff --git a/hw/net/xgmac.c b/hw/net/xgmac.c > +index 0ab6ae91a..1f4f277d8 100644 > +--- a/hw/net/xgmac.c > ++++ b/hw/net/xgmac.c > +@@ -402,7 +402,8 @@ static void xgmac_enet_realize(DeviceState *dev, Error > **errp) > + > + qemu_macaddr_default_if_unset(&s->conf.macaddr); > + s->nic = qemu_new_nic(&net_xgmac_enet_info, &s->conf, > +- object_get_typename(OBJECT(dev)), dev->id, s); > ++ object_get_typename(OBJECT(dev)), dev->id, > ++ &dev->mem_reentrancy_guard, s); > + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); > + > + s->regs[XGMAC_ADDR_HIGH(0)] = (s->conf.macaddr.a[5] << 8) | > +diff --git a/hw/net/xilinx_axienet.c b/hw/net/xilinx_axienet.c > +index 990ff3a1c..8a3424380 100644 > +--- a/hw/net/xilinx_axienet.c > ++++ b/hw/net/xilinx_axienet.c > +@@ -968,7 +968,8 @@ static void xilinx_enet_realize(DeviceState *dev, Error > **errp) > + > + qemu_macaddr_default_if_unset(&s->conf.macaddr); > + s->nic = qemu_new_nic(&net_xilinx_enet_info, &s->conf, > +- object_get_typename(OBJECT(dev)), dev->id, s); > ++ object_get_typename(OBJECT(dev)), dev->id, > ++ &dev->mem_reentrancy_guard, s); > + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); > + > + tdk_init(&s->TEMAC.phy); > +diff --git a/hw/net/xilinx_ethlite.c b/hw/net/xilinx_ethlite.c > +index 6e09f7e42..80cb869e2 100644 > +--- a/hw/net/xilinx_ethlite.c > ++++ b/hw/net/xilinx_ethlite.c > +@@ -235,7 +235,8 @@ static void xilinx_ethlite_realize(DeviceState *dev, > Error **errp) > + > + qemu_macaddr_default_if_unset(&s->conf.macaddr); > + s->nic = qemu_new_nic(&net_xilinx_ethlite_info, &s->conf, > +- object_get_typename(OBJECT(dev)), dev->id, s); > ++ object_get_typename(OBJECT(dev)), dev->id, > ++ &dev->mem_reentrancy_guard, s); > + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); > + } > + > +diff --git a/hw/usb/dev-network.c b/hw/usb/dev-network.c > +index 6c49c1601..ae447a8bc 100644 > +--- a/hw/usb/dev-network.c > ++++ b/hw/usb/dev-network.c > +@@ -1362,7 +1362,8 @@ static void usb_net_realize(USBDevice *dev, Error > **errp) > + > + qemu_macaddr_default_if_unset(&s->conf.macaddr); > + s->nic = qemu_new_nic(&net_usbnet_info, &s->conf, > +- object_get_typename(OBJECT(s)), s->dev.qdev.id, > s); > ++ object_get_typename(OBJECT(s)), s->dev.qdev.id, > ++ &s->dev.qdev.mem_reentrancy_guard, s); > + qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); > + snprintf(s->usbstring_mac, sizeof(s->usbstring_mac), > + "%02x%02x%02x%02x%02x%02x", > +diff --git a/include/net/net.h b/include/net/net.h > +index 523136c7a..1457b6c01 100644 > +--- a/include/net/net.h > ++++ b/include/net/net.h > +@@ -145,6 +145,7 @@ NICState *qemu_new_nic(NetClientInfo *info, > + NICConf *conf, > + const char *model, > + const char *name, > ++ MemReentrancyGuard *reentrancy_guard, > + void *opaque); > + void qemu_del_nic(NICState *nic); > + NetClientState *qemu_get_subqueue(NICState *nic, int queue_index); > +diff --git a/net/net.c b/net/net.c > +index f0d14dbfc..669e194c4 100644 > +--- a/net/net.c > ++++ b/net/net.c > +@@ -299,6 +299,7 @@ NICState *qemu_new_nic(NetClientInfo *info, > + NICConf *conf, > + const char *model, > + const char *name, > ++ MemReentrancyGuard *reentrancy_guard, > + void *opaque) > + { > + NetClientState **peers = conf->peers.ncs; > +-- > +2.40.0 > diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0003.patch > b/meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0003.patch > new file mode 100644 > index 0000000000..861d300bda > --- /dev/null > +++ b/meta/recipes-devtools/qemu/qemu/CVE-2023-3019-0003.patch > @@ -0,0 +1,88 @@ > +From 9050f976e447444ea6ee2ba12c9f77e4b0dc54bc Mon Sep 17 00:00:00 2001 > +From: Akihiko Odaki <akihiko.od...@daynix.com> > +Date: Thu, 28 Mar 2024 08:28:31 +0000 > +Subject: [PATCH] net: Update MemReentrancyGuard for NIC Recently > + MemReentrancyGuard was added to DeviceState to record that the device is > + engaging in I/O. The network device backend needs to update it when > + delivering a packet to a device. > + > +This implementation follows what bottom half does, but it does not add > +a tracepoint for the case that the network device backend started > +delivering a packet to a device which is already engaging in I/O. This > +is because such reentrancy frequently happens for > +qemu_flush_queued_packets() and is insignificant. > + > +Fixes: CVE-2023-3019 > +Reported-by: Alexander Bulekov <alx...@bu.edu> > +Signed-off-by: Akihiko Odaki <akihiko.od...@daynix.com> > +Acked-by: Alexander Bulekov <alx...@bu.edu> > +Signed-off-by: Jason Wang <jasow...@redhat.com> > + > +CVE: CVE-2023-3019 > +Upstream-Status: Backport > [https://github.com/qemu/qemu/commit/9050f976e447444ea6ee2ba12c9f77e4b0dc54bck] > + > +Signed-off-by: Yogita Urade <yogita.ur...@windriver.com> > +--- > + include/net/net.h | 1 + > + net/net.c | 14 ++++++++++++++ > + 2 files changed, 15 insertions(+) > + > +diff --git a/include/net/net.h b/include/net/net.h > +index 3854f6381..df102d2c8 100644 > +--- a/include/net/net.h > ++++ b/include/net/net.h > +@@ -112,6 +112,7 @@ struct NetClientState { > + typedef struct NICState { > + NetClientState *ncs; > + NICConf *conf; > ++ MemReentrancyGuard *reentrancy_guard; > + void *opaque; > + bool peer_deleted; > + } NICState; > +diff --git a/net/net.c b/net/net.c > +index 58addd110..f0491b258 100644 > +--- a/net/net.c > ++++ b/net/net.c > +@@ -312,6 +312,7 @@ NICState *qemu_new_nic(NetClientInfo *info, > + nic = g_malloc0(info->size + sizeof(NetClientState) * queues); > + nic->ncs = (void *)nic + info->size; > + nic->conf = conf; > ++ nic->reentrancy_guard = reentrancy_guard, > + nic->opaque = opaque; > + > + for (i = 0; i < queues; i++) { > +@@ -767,6 +768,7 @@ static ssize_t qemu_deliver_packet_iov(NetClientState > *sender, > + int iovcnt, > + void *opaque) > + { > ++ MemReentrancyGuard *owned_reentrancy_guard; > + NetClientState *nc = opaque; > + int ret; > + > +@@ -779,12 +781,24 @@ static ssize_t qemu_deliver_packet_iov(NetClientState > *sender, > + return 0; > + } > + > ++ if (nc->info->type != NET_CLIENT_DRIVER_NIC || > ++ qemu_get_nic(nc)->reentrancy_guard->engaged_in_io) { > ++ owned_reentrancy_guard = NULL; > ++ } else { > ++ owned_reentrancy_guard = qemu_get_nic(nc)->reentrancy_guard; > ++ owned_reentrancy_guard->engaged_in_io = true; > ++ } > ++ > + if (nc->info->receive_iov && !(flags & QEMU_NET_PACKET_FLAG_RAW)) { > + ret = nc->info->receive_iov(nc, iov, iovcnt); > + } else { > + ret = nc_sendv_compat(nc, iov, iovcnt, flags); > + } > + > ++ if (owned_reentrancy_guard) { > ++ owned_reentrancy_guard->engaged_in_io = false; > ++ } > ++ > + if (ret == 0) { > + nc->receive_disabled = 1; > + } > +-- > +2.40.0 > -- > 2.40.0 > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#197874): https://lists.openembedded.org/g/openembedded-core/message/197874 Mute This Topic: https://lists.openembedded.org/mt/105213613/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
