On Sun, 4 Jul 2021 at 11:56, Marcel Apfelbaum
<marcel.apfelb...@gmail.com> wrote:
>
> The following changes since commit 9c2647f75004c4f7d64c9c0ec55f8c6f0739a8b1:
>
> Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
> (2021-07-02 11:46:32 +0100)
>
> are available in the Git repository at:
>
> https://github.com/marcel-apf/qemu tags/pvrdma-04-07-2021
>
> for you to fetch changes up to f6287078c2e41cd8de424682cc86c2afccbf3797:
>
> pvrdma: Fix the ring init error flow (CVE-2021-3608) (2021-07-04 11:14:02
> +0300)
>
> ----------------------------------------------------------------
> PVRDMA queue
>
> Several CVE fixes for the PVRDMA device.
>
> ----------------------------------------------------------------
> Marcel Apfelbaum (3):
> hw/rdma: Fix possible mremap overflow in the pvrdma device
> (CVE-2021-3582)
> pvrdma: Ensure correct input on ring init (CVE-2021-3607)
> pvrdma: Fix the ring init error flow (CVE-2021-3608)
This fails to compile on 32-bit hosts:
In file included from ../hw/rdma/vmw/../rdma_backend_defs.h:23,
from ../hw/rdma/vmw/../rdma_rm_defs.h:19,
from ../hw/rdma/vmw/../rdma_backend.h:22,
from ../hw/rdma/vmw/pvrdma_cmd.c:21:
../hw/rdma/vmw/pvrdma_cmd.c: In function 'pvrdma_map_to_pdir':
../hw/rdma/vmw/../rdma_utils.h:25:18: error: format '%lu' expects
argument of type 'long unsigned int', but argument 4 has type 'size_t'
{aka 'unsigned int'} [-Werror=format=]
error_report("%s: " fmt, "rdma", ## __VA_ARGS__)
^~~~~~
../hw/rdma/vmw/pvrdma_cmd.c:43:9: note: in expansion of macro
'rdma_error_report'
rdma_error_report("Invalid nchunks/length (%u, %lu)", nchunks, length);
^~~~~~~~~~~~~~~~~
You can see this in the gitlab CI jobs, eg:
https://gitlab.com/qemu-project/qemu/-/jobs/1398130500
thanks
-- PMM
