On Mon, Apr 28, 2014 at 04:08:26PM +0300, Michael S. Tsirkin wrote: > Incoming migration with stellaris_enet is unsafe. > It's being reworked, but for now, simply block it > since noone is using it anyway. > Block outgoing migration for good measure. > > CVE-2013-4532 > > Signed-off-by: Michael S. Tsirkin <m...@redhat.com>
Note: this one is here so we can backport it to qemu-stable. 2.1 will have the code rewritten so no real need for this patch.
> ---
> hw/net/stellaris_enet.c | 11 ++++++++++-
> 1 file changed, 10 insertions(+), 1 deletion(-)
>
> diff --git a/hw/net/stellaris_enet.c b/hw/net/stellaris_enet.c
> index d04e6a4..3b2f83f 100644
> --- a/hw/net/stellaris_enet.c
> +++ b/hw/net/stellaris_enet.c
> @@ -8,6 +8,7 @@
> */
> #include "hw/sysbus.h"
> #include "net/net.h"
> +#include "migration/migration.h"
> #include <zlib.h>
>
> //#define DEBUG_STELLARIS_ENET 1
> @@ -75,6 +76,7 @@ typedef struct {
> NICConf conf;
> qemu_irq irq;
> MemoryRegion mmio;
> + Error *migration_blocker;
> } stellaris_enet_state;
>
> static void stellaris_enet_update(stellaris_enet_state *s)
> @@ -360,7 +362,7 @@ static int stellaris_enet_load(QEMUFile *f, void *opaque,
> int version_id)
> stellaris_enet_state *s = (stellaris_enet_state *)opaque;
> int i;
>
> - if (version_id != 1)
> + if (1)
> return -EINVAL;
>
> s->ris = qemu_get_be32(f);
> @@ -421,6 +423,10 @@ static int stellaris_enet_init(SysBusDevice *sbd)
> stellaris_enet_reset(s);
> register_savevm(dev, "stellaris_enet", -1, 1,
> stellaris_enet_save, stellaris_enet_load, s);
> +
> + error_setg(&s->migration_blocker,
> + "stellaris_enet does not support migration");
> + migrate_add_blocker(s->migration_blocker);
> return 0;
> }
>
> @@ -428,6 +434,9 @@ static void stellaris_enet_unrealize(DeviceState *dev,
> Error **errp)
> {
> stellaris_enet_state *s = STELLARIS_ENET(dev);
>
> + migrate_del_blocker(s->migration_blocker);
> + error_free(s->migration_blocker);
> +
> unregister_savevm(DEVICE(s), "stellaris_enet", s);
>
> memory_region_destroy(&s->mmio);
> --
> MST
>
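Review bot: In `stellaris_enet_load` the new `if (1) return -EINVAL;` leaves every `qemu_get_*` read below it as unreachable code, and nothing in the function says the rejection is deliberate. A later cleanup could restore the `version_id != 1` test and silently re-enable the unsafe path on a stable branch. I would make the return unconditional and record the reason, e.g. `/* Incoming migration is refused: the state read below is not validated (CVE-2013-4532). */` followed by a plain `return -EINVAL;`. The function body continues outside the hunk, so which reads are unsafe cannot be judged from here.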
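Review bot: In `stellaris_enet_init` the blocker added after `register_savevm` is, per the commit message, the outgoing-side guard, while incoming state is refused only by the `-EINVAL` in `stellaris_enet_load`; nothing at this call site says the two must stay together. A comment above `error_setg` would make that explicit, e.g. `/* Migration is disabled in both directions until the load path validates its input (CVE-2013-4532); see stellaris_enet_load. */`. Whether snapshot save and load also honour the blocker is not visible in this patch and is worth confirming before the backport.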