Blame SOURCES/kvm-hw-intc-arm_gicv3-Check-for-MEMTX_OK-instead-of-MEMT.patch

4841a6
From 2db3d0de1be018f14cb91fdd4a368996b09d8bec Mon Sep 17 00:00:00 2001
6443c2
From: Jon Maloy <jmaloy@redhat.com>
6443c2
Date: Wed, 13 Apr 2022 14:51:06 -0400
4841a6
Subject: [PATCH 1/3] hw/intc/arm_gicv3: Check for !MEMTX_OK instead of
6443c2
 MEMTX_ERROR
6443c2
MIME-Version: 1.0
6443c2
Content-Type: text/plain; charset=UTF-8
6443c2
Content-Transfer-Encoding: 8bit
6443c2
6443c2
RH-Author: Jon Maloy <jmaloy@redhat.com>
4841a6
RH-MergeRequest: 151: hw/intc/arm_gicv3: Check for !MEMTX_OK instead of MEMTX_ERROR
4841a6
RH-Commit: [1/3] 561c9c2b1249f07d33013040b1c495ed1fbf825b (jmaloy/qemu-kvm)
4841a6
RH-Bugzilla: 1999236
6443c2
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
6443c2
RH-Acked-by: Peter Xu <peterx@redhat.com>
6443c2
4841a6
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1999236
6443c2
Upstream: Merged
6443c2
CVE: CVE-2021-3750
6443c2
6443c2
commit b9d383ab797f54ae5fa8746117770709921dc529
6443c2
Author: Philippe Mathieu-Daudé <philmd@redhat.com>
6443c2
Date:   Wed Dec 15 19:24:19 2021 +0100
6443c2
6443c2
    hw/intc/arm_gicv3: Check for !MEMTX_OK instead of MEMTX_ERROR
6443c2
6443c2
    Quoting Peter Maydell:
6443c2
6443c2
     "These MEMTX_* aren't from the memory transaction
6443c2
      API functions; they're just being used by gicd_readl() and
6443c2
      friends as a way to indicate a success/failure so that the
6443c2
      actual MemoryRegionOps read/write fns like gicv3_dist_read()
6443c2
      can log a guest error."
6443c2
6443c2
    We are going to introduce more MemTxResult bits, so it is
6443c2
    safer to check for !MEMTX_OK rather than MEMTX_ERROR.
6443c2
6443c2
    Reviewed-by: Peter Xu <peterx@redhat.com>
6443c2
    Reviewed-by: David Hildenbrand <david@redhat.com>
6443c2
    Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
6443c2
    Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
6443c2
    Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
6443c2
    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
6443c2
6443c2
(cherry picked from commit b9d383ab797f54ae5fa8746117770709921dc529)
6443c2
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
6443c2
---
6443c2
 hw/intc/arm_gicv3_redist.c | 4 ++--
6443c2
 1 file changed, 2 insertions(+), 2 deletions(-)
6443c2
6443c2
diff --git a/hw/intc/arm_gicv3_redist.c b/hw/intc/arm_gicv3_redist.c
6443c2
index c8ff3eca08..99b11ca5ee 100644
6443c2
--- a/hw/intc/arm_gicv3_redist.c
6443c2
+++ b/hw/intc/arm_gicv3_redist.c
6443c2
@@ -462,7 +462,7 @@ MemTxResult gicv3_redist_read(void *opaque, hwaddr offset, uint64_t *data,
6443c2
         break;
6443c2
     }
6443c2
 
6443c2
-    if (r == MEMTX_ERROR) {
6443c2
+    if (r != MEMTX_OK) {
6443c2
         qemu_log_mask(LOG_GUEST_ERROR,
6443c2
                       "%s: invalid guest read at offset " TARGET_FMT_plx
6443c2
                       " size %u\n", __func__, offset, size);
6443c2
@@ -521,7 +521,7 @@ MemTxResult gicv3_redist_write(void *opaque, hwaddr offset, uint64_t data,
6443c2
         break;
6443c2
     }
6443c2
 
6443c2
-    if (r == MEMTX_ERROR) {
6443c2
+    if (r != MEMTX_OK) {
6443c2
         qemu_log_mask(LOG_GUEST_ERROR,
6443c2
                       "%s: invalid guest write at offset " TARGET_FMT_plx
6443c2
                       " size %u\n", __func__, offset, size);
6443c2
-- 
6443c2
2.27.0
6443c2