File CVE-2016-8667-qemuu-dma-rc4030-divide-by-zero-e... of Package xen

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2016-8667-qemuu-dma-rc4030-divide-by-zero-error-in-set_next_tick.patch of Package xen (Revision 078ee701765e3bda05366c837b94d8b7)

Currently displaying revision 078ee701765e3bda05366c837b94d8b7 , Show latest

References: bsc#1005004 CVE-2016-8667

The JAZZ RC4030 chipset emulator has a periodic timer and
associated interval reload register. The reload value is used
as divider when computing timer's next tick value. If reload
value is large, it could lead to divide by zero error. Limit
the interval reload value to avoid it.

Reported-by: Huawei PSIRT <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
---
 hw/dma/rc4030.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: xen-4.4.4-testing/tools/qemu-xen-dir-remote/hw/dma/rc4030.c
===================================================================
--- xen-4.4.4-testing.orig/tools/qemu-xen-dir-remote/hw/dma/rc4030.c
+++ xen-4.4.4-testing/tools/qemu-xen-dir-remote/hw/dma/rc4030.c
@@ -377,7 +377,7 @@ static void rc4030_writel(void *opaque,
         break;
     /* Interval timer reload */
     case 0x0228:
-        s->itr = val;
+        s->itr = val & 0x01FF;
         qemu_irq_lower(s->timer_irq);
         set_next_tick(s);
         break;

Places

File CVE-2016-8667-qemuu-dma-rc4030-divide-by-zero-error-in-set_next_tick.patch of Package xen (Revision 078ee701765e3bda05366c837b94d8b7)

Places