On 16 March 2017 at 09:30, Gerd Hoffmann <kra...@redhat.com> wrote:
> Hi,
>
> Another pile of cirrus blitter fixes, including cve fixes for known
> issues, so clearly 2.9 material.
>
> Patches 6+7 implement a new approach to blitter memory access sanity
> checking. We pass around offsets not pointers, and at the place where
> the actual memory access happens we mask the offset to the valid
> range before calculating the pointer.
>
> That should put an end to security holes due to blit_is_unsafe() sanity
> checks failing to calculate some special case correctly, or due to
> blit_is_unsafe() calls missing, and kill any dragons which might still
> be lurking in the code. In theory this even obsoletes blit_is_unsafe(),
> but I don't feel like ripping it out right away ...
>
> please pull,
>   Gerd
>
> The following changes since commit 1883ff34b540daacae948f493b0ba525edf5f642:
>
>   Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
>   (2017-03-15 18:44:05 +0000)
>
> are available in the git repository at:
>
>
>   git://git.kraxel.org/qemu tags/pull-cirrus-20170316-1
>
> for you to fetch changes up to ffaf857778286ca54e3804432a2369a279e73aa7:
>
>   cirrus: stop passing around src pointers in the blitter (2017-03-16
>   08:58:16 +0100)
>
> ----------------------------------------------------------------
> cirrus: blitter fixes.
>

Applied, thanks.

-- PMM
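
The masked-offset access described in the quoted pull request, sketched as an added example that is not part of the original thread and is not QEMU's code. The struct, sizes, guard arrays and function names are hypothetical; the blit parameters are constructed to overrun the buffer in both directions.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical toy device model; all names are assumptions, not QEMU's. */
#define VRAM_SIZE 4096u              /* power of two, so SIZE - 1 is a mask */
#define VRAM_MASK (VRAM_SIZE - 1u)
#define GUARD     64u

struct toy_vga {
    uint8_t guard_lo[GUARD];         /* stand-ins for neighbouring host memory */
    uint8_t vram[VRAM_SIZE];
    uint8_t guard_hi[GUARD];
};

/* The only places an offset becomes a memory access: mask first. */
static uint8_t vram_read(const struct toy_vga *s, uint32_t off)
{
    return s->vram[off & VRAM_MASK];
}
static void vram_write(struct toy_vga *s, uint32_t off, uint8_t val)
{
    s->vram[off & VRAM_MASK] = val;
}

/* Guest-controlled blit: arithmetic on unsigned offsets, never pointers. */
static void toy_blit(struct toy_vga *s, uint32_t dst, uint32_t src,
                     int32_t pitch, uint32_t width, uint32_t height)
{
    for (uint32_t y = 0; y < height; y++) {
        for (uint32_t x = 0; x < width; x++)
            vram_write(s, dst + x, vram_read(s, src + x));
        dst += (uint32_t)pitch;      /* negative pitch wraps, then is masked */
        src += (uint32_t)pitch;
    }
}

/* Constructed hostile input: dst overruns the end of VRAM, negative pitch
 * moves src below 0. Returns 1 if only vram[] changed and the overrun wrapped. */
int demo_hostile_blit(void)
{
    static struct toy_vga s;
    memset(&s, 0xAA, sizeof(s));
    memset(s.vram, 0, VRAM_SIZE);
    s.vram[16] = 0x5C;
    toy_blit(&s, VRAM_SIZE - 8, 0, -256, 32, 2);
    for (uint32_t i = 0; i < GUARD; i++)
        if (s.guard_lo[i] != 0xAA || s.guard_hi[i] != 0xAA) return 0;
    return s.vram[8] == 0x5C;
}
```

In this sketch an out-of-range blit is not rejected; it wraps inside the buffer, so the guarantee is memory safety of the host, not correctness of the guest's picture.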