SUSE:SLE-12-SP5:Update
File CVE-2016-4037-qemuu-usb-Infinite-loop-vulnerability-in-usb_ehci-using-siTD-process.patch of Package xen.5424
References: bsc#976111 CVE-2016-4037

Commit "156a2e4 ehci: make idt processing more robust" tries to avoid a DoS by the guest (create a circular itd queue and let qemu ehci emulation run in circles forever). Unfortunately this has two problems: First it misses the case of sitds, and second it reportedly breaks freebsd. So let's go for a different approach: just count the number of itds and sitds we have seen per frame and apply a limit. That should really catch all cases now.

Signed-off-by: Gerd Hoffmann <address@hidden>

--- hw/usb/hcd-ehci.c | 8 ++++++++ 1 file changed, 8 insertions(+) Index: xen-4.5.3-testing/tools/qemu-xen-dir-remote/hw/usb/hcd-ehci.c =================================================================== --- xen-4.5.3-testing.orig/tools/qemu-xen-dir-remote/hw/usb/hcd-ehci.c +++ xen-4.5.3-testing/tools/qemu-xen-dir-remote/hw/usb/hcd-ehci.c @@ -2091,6 +2091,7 @@ static int ehci_state_writeback(EHCIQueu static void ehci_advance_state(EHCIState *ehci, int async) { EHCIQueue *q = NULL; + int idt_count = 0; int again; do { @@ -2115,10 +2116,12 @@ static void ehci_advance_state(EHCIState case EST_FETCHITD: again = ehci_state_fetchitd(ehci, async); + idt_count++; break; case EST_FETCHSITD: again = ehci_state_fetchsitd(ehci, async); + idt_count++; break; case EST_ADVANCEQUEUE: @@ -2172,6 +2175,11 @@ static void ehci_advance_state(EHCIState ehci_reset(ehci); again = 0; } + + /* limit the amout of idts we are willing to process each frame */ + if (idt_count > 16) { + again = 0; + } } while (again); }
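Review bot: The counter declared at the top of ehci_advance_state() in the first hunk is scoped to one call of that function, while the commit message and the later comment describe the limit as "per frame"; nothing in the visible lines ties one call to one frame. A short comment at the declaration stating that assumption would help anyone auditing the bound. The name "idt_count" also transposes "itd", and the counter covers both iTDs and siTDs, so a name such as "itd_count" or one that mentions both descriptor types would read more clearly.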
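Review bot: The limit check added at the end of the do/while body in the last hunk compares with "idt_count > 16", which lets a 17th fetch run before the loop stops; use ">= 16" if 16 is the intended maximum, or say in the comment that 17 is acceptable. The bare 16 would be easier to audit as a named constant with a note on why that bound is enough for well-behaved guests. The loop also ends silently by setting "again = 0", so a guest that trips the cap is indistinguishable from a normal end of processing; a trace or debug message at that point would help when diagnosing a report like the freebsd breakage mentioned in the commit message. The comment has typos as well: "amout" and "idts".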