mirrors/qemu
0
0
Fork 0
mirror of https://github.com/qemu/qemu.git synced 2024-12-02 16:23:35 +08:00
Code Issues Packages Projects Releases Wiki Activity

hw/pvrdma: Protect against buggy or malicious guest driver

Browse Source 
Guest driver might execute HW commands when shared buffers are not yet
allocated.
This could happen on purpose (malicious guest) or because of some other
guest/host address mapping error.
We need to protect againts such case.

Fixes: CVE-2022-1050

Reported-by: Raven <wxhusst@gmail.com>
Signed-off-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Message-Id: <20220403095234.2210-1-yuval.shaia.ml@gmail.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
This commit is contained in:
Yuval Shaia 2022-04-03 12:52:34 +03:00 committed by Laurent Vivier
parent daa500cab6
commit 31c4b6fb02
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
hw/rdma/vmw/pvrdma_cmd.c
View File

@ -776,6 +776,12 @@ int pvrdma_exec_cmd(PVRDMADev *dev)
dsr_info = &dev->dsr_info;
if (!dsr_info->dsr) {
/* Buggy or malicious guest driver */
rdma_error_report("Exec command without dsr, req or rsp buffers");
goto out;
}
if (dsr_info->req->hdr.cmd >= sizeof(cmd_handlers) /
sizeof(struct cmd_handler)) {
rdma_error_report("Unsupported command");