[Qemu-commits] [qemu/qemu] 83afa3: vmware-vga: CVE-2014-3689: turn off h

qemu-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-commits] [qemu/qemu] 83afa3: vmware-vga: CVE-2014-3689: turn off h

From:	GitHub
Subject:	[Qemu-commits] [qemu/qemu] 83afa3: vmware-vga: CVE-2014-3689: turn off hw accel
Date:	Thu, 30 Oct 2014 13:30:04 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 83afa38eb20ca27e30683edc7729880e091387fc
      
https://github.com/qemu/qemu/commit/83afa38eb20ca27e30683edc7729880e091387fc
  Author: Gerd Hoffmann <address@hidden>
  Date:   2014-10-28 (Tue, 28 Oct 2014)

  Changed paths:
    M hw/display/vmware_vga.c

  Log Message:
  -----------
  vmware-vga: CVE-2014-3689: turn off hw accel

Quick & easy stopgap for CVE-2014-3689:  We just compile out the
hardware acceleration functions which lack sanity checks.  Thankfully
we have capability bits for them (SVGA_CAP_RECT_COPY and
SVGA_CAP_RECT_FILL), so guests should deal just fine, in theory.

Subsequent patches will add the missing checks and re-enable the
hardware acceleration emulation.

Cc: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
Reviewed-by: Don Koch <address@hidden>


  Commit: 07258900fd45b646f5b69048d64c4490b3243e1b
      
https://github.com/qemu/qemu/commit/07258900fd45b646f5b69048d64c4490b3243e1b
  Author: Gerd Hoffmann <address@hidden>
  Date:   2014-10-28 (Tue, 28 Oct 2014)

  Changed paths:
    M hw/display/vmware_vga.c

  Log Message:
  -----------
  vmware-vga: add vmsvga_verify_rect

Add verification function for rectangles, returning
true if verification passes and false otherwise.

Cc: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
Reviewed-by: Don Koch <address@hidden>


  Commit: 1735fe1edba9cc86bc0f26937ed5a62d3cb47c9c
      
https://github.com/qemu/qemu/commit/1735fe1edba9cc86bc0f26937ed5a62d3cb47c9c
  Author: Gerd Hoffmann <address@hidden>
  Date:   2014-10-28 (Tue, 28 Oct 2014)

  Changed paths:
    M hw/display/vmware_vga.c

  Log Message:
  -----------
  vmware-vga: use vmsvga_verify_rect in vmsvga_update_rect

Switch vmsvga_update_rect over to use vmsvga_verify_rect.  Slight change
in behavior:  We don't try to automatically fixup rectangles any more.
In case we find invalid update requests we'll do a full-screen update
instead.

Cc: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
Reviewed-by: Don Koch <address@hidden>


  Commit: 61b41b4c20eba08d2185297767e69153d7f3e09d
      
https://github.com/qemu/qemu/commit/61b41b4c20eba08d2185297767e69153d7f3e09d
  Author: Gerd Hoffmann <address@hidden>
  Date:   2014-10-29 (Wed, 29 Oct 2014)

  Changed paths:
    M hw/display/vmware_vga.c

  Log Message:
  -----------
  vmware-vga: use vmsvga_verify_rect in vmsvga_copy_rect

Add verification to vmsvga_copy_rect, re-enable HW_RECT_ACCEL.

Cc: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
Reviewed-by: Don Koch <address@hidden>


  Commit: bd9ccd8517e83b7c33a9167815dbfffb30d70b13
      
https://github.com/qemu/qemu/commit/bd9ccd8517e83b7c33a9167815dbfffb30d70b13
  Author: Gerd Hoffmann <address@hidden>
  Date:   2014-10-29 (Wed, 29 Oct 2014)

  Changed paths:
    M hw/display/vmware_vga.c

  Log Message:
  -----------
  vmware-vga: use vmsvga_verify_rect in vmsvga_fill_rect

Add verification to vmsvga_fill_rect, re-enable HW_FILL_ACCEL.

Cc: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
Reviewed-by: Don Koch <address@hidden>


  Commit: 4239e2dc018c0defdbad35d387051ca2b208889d
      
https://github.com/qemu/qemu/commit/4239e2dc018c0defdbad35d387051ca2b208889d
  Author: Peter Maydell <address@hidden>
  Date:   2014-10-30 (Thu, 30 Oct 2014)

  Changed paths:
    M hw/display/vmware_vga.c

  Log Message:
  -----------
  Merge remote-tracking branch 
'remotes/kraxel/tags/pull-cve-2014-3689-20141029-1' into staging

vmware-vga: add rectangle verification (CVE-2014-3689)

# gpg: Signature made Wed 29 Oct 2014 11:45:29 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <address@hidden>"
# gpg:                 aka "Gerd Hoffmann <address@hidden>"
# gpg:                 aka "Gerd Hoffmann (private) <address@hidden>"

* remotes/kraxel/tags/pull-cve-2014-3689-20141029-1:
  vmware-vga: use vmsvga_verify_rect in vmsvga_fill_rect
  vmware-vga: use vmsvga_verify_rect in vmsvga_copy_rect
  vmware-vga: use vmsvga_verify_rect in vmsvga_update_rect
  vmware-vga: add vmsvga_verify_rect
  vmware-vga: CVE-2014-3689: turn off hw accel

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/fecd54ccd79c...4239e2dc018c

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-commits] [qemu/qemu] 83afa3: vmware-vga: CVE-2014-3689: turn off hw accel, GitHub <=

Prev by Date: [Qemu-commits] [qemu/qemu] 37f9e2: xen-hvm.c: Add support for Xen access to vmport
Next by Date: [Qemu-commits] [qemu/qemu] e6908b: vnc: sanitize bits_per_pixel from the client
Previous by thread: [Qemu-commits] [qemu/qemu] 37f9e2: xen-hvm.c: Add support for Xen access to vmport
Next by thread: [Qemu-commits] [qemu/qemu] e6908b: vnc: sanitize bits_per_pixel from the client
Index(es):
- Date
- Thread