On 16/01/2023 21.42, Mauro Matteo Cascella wrote:
> This prevents the well known DMA-MMIO reentrancy problem (upstream issue #556)
> leading to memory corruption bugs like stack overflow or use-after-free.
>
> Fixes: CVE-2023-0330
> Signed-off-by: Mauro Matteo Cascella <mcasc...@redhat.com>
> Reported-by: Zheyu Ma <zheyum...@gmail.com>
> ---

Since the generic reentrancy guard apparently cannot be used for the lsi controller (see commit bfd6e7ae6a72b8), I had a try with this patch, ... but it seems this breaks the LSI driver of Linux.

I ran QEMU like this:

./qemu-system-x86_64 -accel kvm -m 2G -machine q35 \
 -device lsi53c810,id=lsi1 -device scsi-hd,drive=d0 \
 -drive if=none,id=d0,file=.../somedisk.qcow2 \
 -cdrom Fedora-Everything-netinst-i386-25-1.3.iso

then booted into the rescue shell of the ISO image, and I was not able to mount a partition from somedisk.qcow2 anymore. And there were lots of error messages related to 53c8... in the "dmesg" output.

It seems like we indeed need some level of reentrancy here and cannot simply disable it completely.

But maybe we can block it at another level. I'll try to come up with a patch...

 Thomas
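The trade-off the reply points at (a flat "no reentrancy at all" guard breaks a guest driver that legitimately re-enters the device once, while no guard at all lets a DMA chain recurse until the stack is exhausted) can be shown with a small model. The following is an added example written for this page; it is not QEMU's code, not the patch under discussion, and does not reproduce the lsi53c895a device model. The device structure, the function names, the depth limit of 2 and the "one legitimate DMA hop back into MMIO" assumption for the guest driver are all assumptions made for the illustration; the real nesting the Linux driver needs is not stated on the page.

```c
/* Model of a DMA->MMIO reentrancy guard with a configurable depth limit.
 * Added example, not QEMU code; all names and limits are assumptions. */
#include <stdint.h>
#include <stdio.h>

typedef struct {
    int depth;          /* current nesting of mmio_write invocations */
    int max_depth;      /* allowed nesting; 1 means "no reentrancy at all" */
    int rejected;       /* reentrant calls the guard refused */
    int completed;      /* handler invocations that ran to completion */
    unsigned dma_chain; /* how many DMA completions still want to hit MMIO */
} Device;

static void mmio_write(Device *d, uint64_t addr, uint64_t val);

/* A DMA completion that lands on the device's own MMIO region. In the
 * model this is a plain recursive call; in a real device model it would
 * go through the memory subsystem, which is exactly where the commit
 * message's "DMA-MMIO reentrancy" comes from. */
static void dma_complete(Device *d)
{
    if (d->dma_chain > 0) {
        d->dma_chain--;
        mmio_write(d, 0x40, 1); /* address/value are arbitrary here */
    }
}

static void mmio_write(Device *d, uint64_t addr, uint64_t val)
{
    (void)addr;
    (void)val;
    /* The guard: refuse the call once the nesting limit is reached. */
    if (d->depth >= d->max_depth) {
        d->rejected++;
        return;
    }
    d->depth++;
    dma_complete(d); /* handler kicks off DMA, which may re-enter us */
    d->depth--;
    d->completed++;
}

/* Run one "script": a guest write followed by chain_len DMA completions
 * that each re-enter MMIO. Returns the number of completed handler runs
 * and reports how many reentrant calls the guard rejected. */
int guarded_run(int max_depth, unsigned chain_len, int *rejected_out)
{
    Device d = {0, max_depth, 0, 0, chain_len};
    mmio_write(&d, 0x00, 0);
    if (rejected_out) {
        *rejected_out = d.rejected;
    }
    return d.completed;
}

int main(void)
{
    int rej;
    int done;

    /* Flat guard (limit 1): the single legitimate DMA hop is refused. */
    done = guarded_run(1, 1, &rej);
    printf("limit=1 chain=1    completed=%d rejected=%d\n", done, rej);

    /* Bounded guard (limit 2): the legitimate hop goes through. */
    done = guarded_run(2, 1, &rej);
    printf("limit=2 chain=1    completed=%d rejected=%d\n", done, rej);

    /* Bounded guard against a runaway chain: recursion stops at the limit
     * instead of growing with the attacker-controlled chain length. */
    done = guarded_run(2, 1000, &rej);
    printf("limit=2 chain=1000 completed=%d rejected=%d\n", done, rej);
    return 0;
}
```

With the limit set to 1 the model behaves like the patch as described in the reply: the one re-entry the guest needs is blocked, so the driver's script never completes. With the limit set to 2 the legitimate re-entry succeeds while a runaway chain is still cut off at the second level, which is what "we indeed need some level of reentrancy" amounts to in practice. Whether 2 is the right number for the real controller, and whether counting depth is the right place to block it at all, is exactly what the reply leaves open.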