Code review comment for ~paelzer/ubuntu/+source/qemu:focal-SRU-august2020-1890154-1883984-1891203-1891877

Revision history for this message
Rafael David Tinoco (rafaeldtinoco) wrote :

From the beginning

c33d65deb29 - security update 4.2-3ubuntu6.4 (to be released)


5c4fe018c0 nbd/server: Avoid long error message assertions CVE-2020-10761
fa70c2871f sm501: Optimize small overlapping blits
84ec3f9402 sm501: Fix bounds checks
4decaad9d2 sm501: Drop unneded variable
f018edc358 sm501: Do not allow guest to set invalid format
299778d5af sm501: Introduce variable for commonly used value for better readability
9982c605a7 sm501: Fix and optimize overlap check
e29da77e5f sm501: Convert printf + abort to qemu_log_mask
6f8183b5dc sm501: Shorten long variable names in sm501_2d_operation
2824809b7f sm501: Use BIT(x) macro to shorten constant
3d0b096298 sm501: Clean up local variables in sm501_2d_operation
b15a22bbcb sm501: Replace hand written implementation with pixman where possible
790762e548 hw/sd/sdcard: Do not switch to ReceivingData if address is invalid
369ff955a8 es1370: check total frame count against current frame
f50ab86a26 megasas: use unsigned type for reply_queue_head and check index
fd69185567 megasas: avoid NULL pointer dereference
2b151297e4 megasas: use unsigned type for positive numeric fields
77f55eac6c exec: set map length to zero when returning NULL
5d971f9e67 memory: Revert "memory: accept mismatching sizes in memory_region_access_valid"
dba04c3488 acpi: accept byte and word access to core ACPI registers
a98610c429 ati-vga: check mm_index before recursive call (CVE-2020-13800)
7a4ede0047 audio/oss: fix buffer pos calculation
5519724a13 hw/net/xgmac: Fix buffer overflow in xgmac_enet_send()
035e69b063 hw/net/net_tx_pkt: fix assertion failure in net_tx_pkt_add_raw_fragment()


So, all the CVE fixes look ok, but I think we might be missing a fix for a regression caused by:

5d971f9e67 memory: Revert "memory: accept mismatching sizes in memory_region_access_valid"

which is:

commit 70b78d4e71 (MISSING)
Author: Alistair Francis <email address hidden>
Date: Tue Jun 30 17:12:11 2020

    hw/riscv: Allow 64 bit access to SiFive CLINT

    Commit 5d971f9e672507210e77d020d89e0e89165c8fc9
    "memory: Revert "memory: accept mismatching sizes in
    memory_region_access_valid"" broke most RISC-V boards as they do 64 bit
    accesses to the CLINT and QEMU would trigger a fault. Fix this failure
    by allowing 8 byte accesses.

    Signed-off-by: Alistair Francis <email address hidden>
    Reviewed-by: LIU Zhiwei<email address hidden>
    Message-Id: <122b78825b077e4dfd39b444d3a46fe894a7804c<email address hidden>>

« Back to merge proposal