The following changes since commit 2058fdbe81e2985c226a026851dd26b146d3395c:

  Merge tag 'fixes-20220318-pull-request' of git://git.kraxel.org/qemu into staging (2022-03-19 11:28:54 +0000)

are available in the Git repository at:

  https://gitlab.com/thuth/qemu.git tags/pull-request-2022-03-21

for you to fetch changes up to 27801168ecbb34b987d2e92a12369367bf9ac2bf:

  tests/qtest/fuzz-sdcard-test: Add reproducer for OSS-Fuzz (Issue 29225) (2022-03-21 14:05:42 +0100)

----------------------------------------------------------------
* Fix stack-overflow due to recursive DMA in intel-hda (CVE-2021-3611)
* Fix heap overflow due to recursive DMA in sdhci code

----------------------------------------------------------------

As far as I can see, these patches were ready to go, just fell through
the cracks so far since Philippe is now doing other stuff... I think it
would be nice to get these fixed for 7.0 (and if there is ever a thorough
global DMA reentrancy fix later in >= 7.1, we can still revert the
device-specific fixes here again later).

Philippe Mathieu-Daudé (8):
      softmmu/physmem: Simplify flatview_write and address_space_access_valid
      softmmu/physmem: Introduce MemTxAttrs::memory field and MEMTX_ACCESS_ERROR
      hw/audio/intel-hda: Do not ignore DMA overrun errors
      hw/audio/intel-hda: Restrict DMA engine to memories (not MMIO devices)
      tests/qtest/intel-hda-test: Add reproducer for issue #542
      hw/sd/sdhci: Honor failed DMA transactions
      hw/sd/sdhci: Prohibit DMA accesses to devices
      tests/qtest/fuzz-sdcard-test: Add reproducer for OSS-Fuzz (Issue 29225)

 include/exec/memattrs.h        |  9 +++++
 hw/audio/intel-hda.c           | 11 ++++--
 hw/sd/sdhci.c                  | 35 ++++++++++++++-----
 softmmu/physmem.c              | 55 ++++++++++++++++++++++++------
 tests/qtest/fuzz-sdcard-test.c | 76 ++++++++++++++++++++++++++++++++++++++++++
 tests/qtest/intel-hda-test.c   | 34 +++++++++++++++++++
 6 files changed, 198 insertions(+), 22 deletions(-)