[PATCH-for-6.2,0/2] hw/block/fdc: Fix CVE-2021-3507

Message ID 20211118115733.4038610-1-philmd@redhat.com (mailing list archive)

Message

Philippe Mathieu-Daudé Nov. 18, 2021, 11:57 a.m. UTC
Trivial fix for CVE-2021-3507.

Philippe Mathieu-Daudé (2):
  hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507)
  tests/qtest/fdc-test: Add a regression test for CVE-2021-3507

 hw/block/fdc.c         |  8 ++++++++
 tests/qtest/fdc-test.c | 20 ++++++++++++++++++++
 2 files changed, 28 insertions(+)
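
The series title names the bug class ("end-of-track overrun") but the cover letter does not describe the check itself, so what follows is an added example, not code from QEMU or from this series: a constructed C model of a floppy-controller track buffer indexed by a guest-writable sector register. The geometry (18 sectors of 512 bytes), the struct layout and every function name are assumptions of the model and do not reproduce hw/block/fdc.c. It shows how far an unchecked sector value would carry a transfer past the buffer, and a bounded write that refuses the transfer while leaving the cursor untouched and setting an error bit, so that the next command starts from a known state rather than from an offset beyond the buffer.

```c
/*
 * Added example, not QEMU code: a constructed model of an "end-of-track
 * overrun" in a floppy-controller emulator. Geometry, state layout and
 * names are assumptions for the model; nothing here reproduces fdc.c.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_LEN        512
#define SECTORS_PER_TRACK 18                       /* 1.44 MB layout, assumed */
#define TRACK_BYTES       (SECTOR_LEN * SECTORS_PER_TRACK)

/* Hypothetical controller state: one track buffer plus the transfer cursor. */
typedef struct {
    uint8_t  track[TRACK_BYTES];
    uint8_t  sector;   /* 1-based sector register, guest-writable */
    uint32_t pos;      /* byte offset inside the current sector */
    bool     error;    /* sticky status bit, set when a transfer is refused */
} fdc_model_t;

/* Byte offset a transfer would start at. No validation: this is the value
 * an emulator must not trust on its own. */
static size_t start_offset(const fdc_model_t *f)
{
    return (size_t)(f->sector - 1) * SECTOR_LEN + f->pos;
}

/* Does a transfer of len bytes from the cursor stay inside track[]? */
static bool fits_in_track(const fdc_model_t *f, size_t len)
{
    if (f->sector < 1 || f->sector > SECTORS_PER_TRACK) return false;
    if (f->pos >= SECTOR_LEN) return false;
    return len <= TRACK_BYTES - start_offset(f);   /* no underflow: offset < TRACK_BYTES */
}

/* Guest -> track buffer transfer with the bound applied. On refusal the
 * cursor is left untouched and the error bit is set. Returns bytes copied. */
static size_t fdc_write_bounded(fdc_model_t *f, const uint8_t *src, size_t len)
{
    if (!fits_in_track(f, len)) {
        f->error = true;
        return 0;
    }
    memcpy(f->track + start_offset(f), src, len);
    size_t end = start_offset(f) + len;          /* advance across sector edges */
    f->sector = (uint8_t)(end / SECTOR_LEN) + 1; /* SECTORS_PER_TRACK+1 == end of track */
    f->pos = (uint32_t)(end % SECTOR_LEN);
    return len;
}

/* Scenario: guest writes 0xFF to the sector register. Returns how many bytes
 * past the end of track[] a one-sector transfer would finish if unchecked. */
static size_t overrun_distance_unchecked(void)
{
    fdc_model_t f = { .sector = 0xFF, .pos = 0 };
    return start_offset(&f) + SECTOR_LEN - TRACK_BYTES;
}

/* Same register value through the bounded path: refused, state unchanged. */
static bool bounded_refuses_bad_sector(void)
{
    fdc_model_t f = { .sector = 0xFF, .pos = 0 };
    uint8_t payload[SECTOR_LEN] = {0};
    size_t n = fdc_write_bounded(&f, payload, sizeof payload);
    return n == 0 && f.error && f.sector == 0xFF && f.pos == 0;
}

/* Off-by-one: last sector plus one extra byte must also be refused. */
static bool bounded_refuses_one_byte_past(void)
{
    fdc_model_t f = { .sector = SECTORS_PER_TRACK, .pos = 0 };
    uint8_t payload[SECTOR_LEN + 1] = {0};
    size_t n = fdc_write_bounded(&f, payload, sizeof payload);
    return n == 0 && f.error && f.sector == SECTORS_PER_TRACK && f.pos == 0;
}

/* A legitimate write of the last sector fills the track exactly; returns the
 * cursor's sector afterwards (one past the last sector), 0 on any failure. */
static unsigned bounded_accepts_last_sector(void)
{
    fdc_model_t f = { .sector = SECTORS_PER_TRACK, .pos = 0 };
    uint8_t payload[SECTOR_LEN];
    memset(payload, 0xA5, sizeof payload);
    if (fdc_write_bounded(&f, payload, sizeof payload) != SECTOR_LEN) return 0;
    if (f.track[TRACK_BYTES - 1] != 0xA5 || f.error) return 0;
    return f.sector;
}

int main(void)
{
    printf("unchecked transfer ends %zu bytes past the track buffer\n",
           overrun_distance_unchecked());
    printf("bounded path refused bad sector: %s\n",
           bounded_refuses_bad_sector() ? "yes" : "no");
    printf("bounded path refused one byte past end: %s\n",
           bounded_refuses_one_byte_past() ? "yes" : "no");
    printf("cursor after last-sector write: sector %u\n",
           bounded_accepts_last_sector());
    return 0;
}
```

The point of the refusal path is the one the thread raises later: a bound check that stops the copy but leaves the cursor pointing past the buffer only moves the problem to the next command, so the model rejects the transfer without advancing `sector` or `pos` and reports the condition through a status bit.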

Comments

Philippe Mathieu-Daudé Nov. 22, 2021, 2:54 p.m. UTC | #1
ping for 6.2?

On 11/18/21 12:57, Philippe Mathieu-Daudé wrote:
> Trivial fix for CVE-2021-3507.
> 
> Philippe Mathieu-Daudé (2):
>   hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507)
>   tests/qtest/fdc-test: Add a regression test for CVE-2021-3507
> 
>  hw/block/fdc.c         |  8 ++++++++
>  tests/qtest/fdc-test.c | 20 ++++++++++++++++++++
>  2 files changed, 28 insertions(+)
>
Jon Maloy Jan. 27, 2022, 8:14 p.m. UTC | #2
On 11/18/21 06:57, Philippe Mathieu-Daudé wrote:
> Trivial fix for CVE-2021-3507.
>
> Philippe Mathieu-Daudé (2):
>    hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507)
>    tests/qtest/fdc-test: Add a regression test for CVE-2021-3507
>
>   hw/block/fdc.c         |  8 ++++++++
>   tests/qtest/fdc-test.c | 20 ++++++++++++++++++++
>   2 files changed, 28 insertions(+)
>
Series
Acked-by: Jon Maloy <jmaloy@redhat.com>
John Snow Feb. 4, 2022, 9:39 p.m. UTC | #3
On Thu, Jan 27, 2022 at 3:11 PM Jon Maloy <jmaloy@redhat.com> wrote:
>
>
> On 11/18/21 06:57, Philippe Mathieu-Daudé wrote:
> > Trivial fix for CVE-2021-3507.
> >
> > Philippe Mathieu-Daudé (2):
> >    hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507)
> >    tests/qtest/fdc-test: Add a regression test for CVE-2021-3507
> >
> >   hw/block/fdc.c         |  8 ++++++++
> >   tests/qtest/fdc-test.c | 20 ++++++++++++++++++++
> >   2 files changed, 28 insertions(+)
> >
> Series
> Acked-by: Jon Maloy <jmaloy@redhat.com>
>

I could have sworn that Philippe said that this patch was incomplete
and to not merge it for 6.2, but maybe I mistook that for a different
series.

I seem to recall that this series didn't apply correctly in
conjunction with the fix for 2021-20196, but if there was a followup,
I missed it.

--js
Jon Maloy Feb. 6, 2022, 7:15 p.m. UTC | #4
On 1/27/22 15:14, Jon Maloy wrote:
>
> On 11/18/21 06:57, Philippe Mathieu-Daudé wrote:
>> Trivial fix for CVE-2021-3507.
>>
>> Philippe Mathieu-Daudé (2):
>>    hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507)
>>    tests/qtest/fdc-test: Add a regression test for CVE-2021-3507
>>
>>   hw/block/fdc.c         |  8 ++++++++
>>   tests/qtest/fdc-test.c | 20 ++++++++++++++++++++
>>   2 files changed, 28 insertions(+)
>>
> Series
> Acked-by: Jon Maloy <jmaloy@redhat.com>

Philippe,
I hear from other sources that you earlier have qualified this one as 
"incomplete".
I am of course aware that this one, just like my own patch, is just a 
mitigation and not a complete correction of the erroneous calculation.
Or did you have anything else in mind?

Regards
///jon
Jon Maloy Feb. 6, 2022, 7:19 p.m. UTC | #5
Trying again with correct email address.
///jon

On 2/6/22 14:15, Jon Maloy wrote:
>
>
> On 1/27/22 15:14, Jon Maloy wrote:
>>
>> On 11/18/21 06:57, Philippe Mathieu-Daudé wrote:
>>> Trivial fix for CVE-2021-3507.
>>>
>>> Philippe Mathieu-Daudé (2):
>>>    hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507)
>>>    tests/qtest/fdc-test: Add a regression test for CVE-2021-3507
>>>
>>>   hw/block/fdc.c         |  8 ++++++++
>>>   tests/qtest/fdc-test.c | 20 ++++++++++++++++++++
>>>   2 files changed, 28 insertions(+)
>>>
>> Series
>> Acked-by: Jon Maloy <jmaloy@redhat.com>
>
> Philippe,
> I hear from other sources that you earlier have qualified this one as 
> "incomplete".
> I am of course aware that this one, just like my own patch, is just a 
> mitigation and not a complete correction of the erroneous calculation.
> Or did you have anything else in mind?
>
> Regards
> ///jon
>
Thomas Huth March 10, 2022, 5:14 p.m. UTC | #6
On 06/02/2022 20.19, Jon Maloy wrote:
> Trying again with correct email address.
> ///jon
> 
> On 2/6/22 14:15, Jon Maloy wrote:
>>
>>
>> On 1/27/22 15:14, Jon Maloy wrote:
>>>
>>> On 11/18/21 06:57, Philippe Mathieu-Daudé wrote:
>>>> Trivial fix for CVE-2021-3507.
>>>>
>>>> Philippe Mathieu-Daudé (2):
>>>>    hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507)
>>>>    tests/qtest/fdc-test: Add a regression test for CVE-2021-3507
>>>>
>>>>   hw/block/fdc.c         |  8 ++++++++
>>>>   tests/qtest/fdc-test.c | 20 ++++++++++++++++++++
>>>>   2 files changed, 28 insertions(+)
>>>>
>>> Series
>>> Acked-by: Jon Maloy <jmaloy@redhat.com>
>>
>> Philippe,
>> I hear from other sources that you earlier have qualified this one as 
>> "incomplete".
>> I am of course aware that this one, just like my own patch, is just a 
>> mitigation and not a complete correction of the erroneous calculation.
>> Or did you have anything else in mind?

Any news on this one? It would be nice to get the CVE fixed for 7.0?

  Thomas
Jon Maloy March 10, 2022, 5:53 p.m. UTC | #7
On 3/10/22 12:14, Thomas Huth wrote:
> On 06/02/2022 20.19, Jon Maloy wrote:
>> Trying again with correct email address.
>> ///jon
>>
>> On 2/6/22 14:15, Jon Maloy wrote:
>>>
>>>
>>> On 1/27/22 15:14, Jon Maloy wrote:
>>>>
>>>> On 11/18/21 06:57, Philippe Mathieu-Daudé wrote:
>>>>> Trivial fix for CVE-2021-3507.
>>>>>
>>>>> Philippe Mathieu-Daudé (2):
>>>>>    hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507)
>>>>>    tests/qtest/fdc-test: Add a regression test for CVE-2021-3507
>>>>>
>>>>>   hw/block/fdc.c         |  8 ++++++++
>>>>>   tests/qtest/fdc-test.c | 20 ++++++++++++++++++++
>>>>>   2 files changed, 28 insertions(+)
>>>>>
>>>> Series
>>>> Acked-by: Jon Maloy <jmaloy@redhat.com>
>>>
>>> Philippe,
>>> I hear from other sources that you earlier have qualified this one 
>>> as "incomplete".
>>> I am of course aware that this one, just like my own patch, is just 
>>> a mitigation and not a complete correction of the erroneous 
>>> calculation.
>>> Or did you have anything else in mind?
>
> Any news on this one? It would be nice to get the CVE fixed for 7.0?
>
>  Thomas
>
The ball is currently with John Snow, as I understand it.
The concern is that this fix may not take the driver back to a 
consistent state, so that we may have other problems later.
Maybe Philippe can chip in with a comment here?

///jon
Thomas Huth March 18, 2022, 6:50 p.m. UTC | #8
On 10/03/2022 18.53, Jon Maloy wrote:
> 
> On 3/10/22 12:14, Thomas Huth wrote:
>> On 06/02/2022 20.19, Jon Maloy wrote:
>>> Trying again with correct email address.
>>> ///jon
>>>
>>> On 2/6/22 14:15, Jon Maloy wrote:
>>>>
>>>>
>>>> On 1/27/22 15:14, Jon Maloy wrote:
>>>>>
>>>>> On 11/18/21 06:57, Philippe Mathieu-Daudé wrote:
>>>>>> Trivial fix for CVE-2021-3507.
>>>>>>
>>>>>> Philippe Mathieu-Daudé (2):
>>>>>>    hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507)
>>>>>>    tests/qtest/fdc-test: Add a regression test for CVE-2021-3507
>>>>>>
>>>>>>   hw/block/fdc.c         |  8 ++++++++
>>>>>>   tests/qtest/fdc-test.c | 20 ++++++++++++++++++++
>>>>>>   2 files changed, 28 insertions(+)
>>>>>>
>>>>> Series
>>>>> Acked-by: Jon Maloy <jmaloy@redhat.com>
>>>>
>>>> Philippe,
>>>> I hear from other sources that you earlier have qualified this one as 
>>>> "incomplete".
>>>> I am of course aware that this one, just like my own patch, is just a 
>>>> mitigation and not a complete correction of the erroneous calculation.
>>>> Or did you have anything else in mind?
>>
>> Any news on this one? It would be nice to get the CVE fixed for 7.0?
>>
>>  Thomas
>>
> The ball is currently with John Snow, as I understand it.
> The concern is that this fix may not take the driver back to a consistent 
> state, so that we may have other problems later.
> Maybe Philippe can chip in with a comment here?

John, Philippe, any ideas how to move this forward?

  Thomas
John Snow March 23, 2022, 2:25 a.m. UTC | #9
On Fri, Mar 18, 2022 at 2:50 PM Thomas Huth <thuth@redhat.com> wrote:
>
> On 10/03/2022 18.53, Jon Maloy wrote:
> >
> > On 3/10/22 12:14, Thomas Huth wrote:
> >> On 06/02/2022 20.19, Jon Maloy wrote:
> >>> Trying again with correct email address.
> >>> ///jon
> >>>
> >>> On 2/6/22 14:15, Jon Maloy wrote:
> >>>>
> >>>>
> >>>> On 1/27/22 15:14, Jon Maloy wrote:
> >>>>>
> >>>>> On 11/18/21 06:57, Philippe Mathieu-Daudé wrote:
> >>>>>> Trivial fix for CVE-2021-3507.
> >>>>>>
> >>>>>> Philippe Mathieu-Daudé (2):
> >>>>>>    hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507)
> >>>>>>    tests/qtest/fdc-test: Add a regression test for CVE-2021-3507
> >>>>>>
> >>>>>>   hw/block/fdc.c         |  8 ++++++++
> >>>>>>   tests/qtest/fdc-test.c | 20 ++++++++++++++++++++
> >>>>>>   2 files changed, 28 insertions(+)
> >>>>>>
> >>>>> Series
> >>>>> Acked-by: Jon Maloy <jmaloy@redhat.com>
> >>>>
> >>>> Philippe,
> >>>> I hear from other sources that you earlier have qualified this one as
> >>>> "incomplete".
> >>>> I am of course aware that this one, just like my own patch, is just a
> >>>> mitigation and not a complete correction of the erroneous calculation.
> >>>> Or did you have anything else in mind?
> >>
> >> Any news on this one? It would be nice to get the CVE fixed for 7.0?
> >>
> >>  Thomas
> >>
> > The ball is currently with John Snow, as I understand it.
> > The concern is that this fix may not take the driver back to a consistent
> > state, so that we may have other problems later.
> > Maybe Philippe can chip in with a comment here?
>
> John, Philippe, any ideas how to move this forward?
>
>   Thomas
>

The ball is indeed in my court. I need to audit this properly and get
the patch re-applied, and get tests passing.

As a personal favor: Could you please ping me on IRC tomorrow about
this? (Well, later today, for you.)
Kevin Wolf May 3, 2022, 9:59 a.m. UTC | #10
On 23.03.2022 at 03:25, John Snow wrote:
> On Fri, Mar 18, 2022 at 2:50 PM Thomas Huth <thuth@redhat.com> wrote:
> >
> > On 10/03/2022 18.53, Jon Maloy wrote:
> > >
> > > On 3/10/22 12:14, Thomas Huth wrote:
> > >> On 06/02/2022 20.19, Jon Maloy wrote:
> > >>> Trying again with correct email address.
> > >>> ///jon
> > >>>
> > >>> On 2/6/22 14:15, Jon Maloy wrote:
> > >>>>
> > >>>>
> > >>>> On 1/27/22 15:14, Jon Maloy wrote:
> > >>>>>
> > >>>>> On 11/18/21 06:57, Philippe Mathieu-Daudé wrote:
> > >>>>>> Trivial fix for CVE-2021-3507.
> > >>>>>>
> > >>>>>> Philippe Mathieu-Daudé (2):
> > >>>>>>    hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507)
> > >>>>>>    tests/qtest/fdc-test: Add a regression test for CVE-2021-3507
> > >>>>>>
> > >>>>>>   hw/block/fdc.c         |  8 ++++++++
> > >>>>>>   tests/qtest/fdc-test.c | 20 ++++++++++++++++++++
> > >>>>>>   2 files changed, 28 insertions(+)
> > >>>>>>
> > >>>>> Series
> > >>>>> Acked-by: Jon Maloy <jmaloy@redhat.com>
> > >>>>
> > >>>> Philippe,
> > >>>> I hear from other sources that you earlier have qualified this one as
> > >>>> "incomplete".
> > >>>> I am of course aware that this one, just like my own patch, is just a
> > >>>> mitigation and not a complete correction of the erroneous calculation.
> > >>>> Or did you have anything else in mind?
> > >>
> > >> Any news on this one? It would be nice to get the CVE fixed for 7.0?
> > >>
> > >>  Thomas
> > >>
> > > The ball is currently with John Snow, as I understand it.
> > > The concern is that this fix may not take the driver back to a consistent
> > > state, so that we may have other problems later.
> > > Maybe Philippe can chip in with a comment here?
> >
> > John, Philippe, any ideas how to move this forward?
> >
> >   Thomas
> >
> 
> The ball is indeed in my court. I need to audit this properly and get
> the patch re-applied, and get tests passing.
> 
> As a personal favor: Could you please ping me on IRC tomorrow about
> this? (Well, later today, for you.)

Going through old patches... Is this one still open?

Kevin
Jon Maloy May 3, 2022, 4:21 p.m. UTC | #11
On 5/3/22 05:59, Kevin Wolf wrote:
> On 23.03.2022 at 03:25, John Snow wrote:
>> On Fri, Mar 18, 2022 at 2:50 PM Thomas Huth <thuth@redhat.com> wrote:
>>> On 10/03/2022 18.53, Jon Maloy wrote:
>>>> On 3/10/22 12:14, Thomas Huth wrote:
>>>>> On 06/02/2022 20.19, Jon Maloy wrote:
>>>>>> Trying again with correct email address.
>>>>>> ///jon
>>>>>>
>>>>>> On 2/6/22 14:15, Jon Maloy wrote:
>>>>>>>
>>>>>>> On 1/27/22 15:14, Jon Maloy wrote:
>>>>>>>> On 11/18/21 06:57, Philippe Mathieu-Daudé wrote:
>>>>>>>>> Trivial fix for CVE-2021-3507.
>>>>>>>>>
>>>>>>>>> Philippe Mathieu-Daudé (2):
>>>>>>>>>     hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507)
>>>>>>>>>     tests/qtest/fdc-test: Add a regression test for CVE-2021-3507
>>>>>>>>>
>>>>>>>>>    hw/block/fdc.c         |  8 ++++++++
>>>>>>>>>    tests/qtest/fdc-test.c | 20 ++++++++++++++++++++
>>>>>>>>>    2 files changed, 28 insertions(+)
>>>>>>>>>
>>>>>>>> Series
>>>>>>>> Acked-by: Jon Maloy <jmaloy@redhat.com>
>>>>>>> Philippe,
>>>>>>> I hear from other sources that you earlier have qualified this one as
>>>>>>> "incomplete".
>>>>>>> I am of course aware that this one, just like my own patch, is just a
>>>>>>> mitigation and not a complete correction of the erroneous calculation.
>>>>>>> Or did you have anything else in mind?
>>>>> Any news on this one? It would be nice to get the CVE fixed for 7.0?
>>>>>
>>>>>   Thomas
>>>>>
>>>> The ball is currently with John Snow, as I understand it.
>>>> The concern is that this fix may not take the driver back to a consistent
>>>> state, so that we may have other problems later.
>>>> Maybe Philippe can chip in with a comment here?
>>> John, Philippe, any ideas how to move this forward?
>>>
>>>    Thomas
>>>
>> The ball is indeed in my court. I need to audit this properly and get
>> the patch re-applied, and get tests passing.
>>
>> As a personal favor: Could you please ping me on IRC tomorrow about
>> this? (Well, later today, for you.)
> Going through old patches... Is this one still open?
>
> Kevin
>
Yes, it is.

///jon
Kevin Wolf May 12, 2022, 11:06 a.m. UTC | #12
On 03.05.2022 at 18:21, Jon Maloy wrote:
> 
> 
> On 5/3/22 05:59, Kevin Wolf wrote:
> > On 23.03.2022 at 03:25, John Snow wrote:
> > > On Fri, Mar 18, 2022 at 2:50 PM Thomas Huth <thuth@redhat.com> wrote:
> > > > On 10/03/2022 18.53, Jon Maloy wrote:
> > > > > On 3/10/22 12:14, Thomas Huth wrote:
> > > > > > On 06/02/2022 20.19, Jon Maloy wrote:
> > > > > > > Trying again with correct email address.
> > > > > > > ///jon
> > > > > > > 
> > > > > > > On 2/6/22 14:15, Jon Maloy wrote:
> > > > > > > > 
> > > > > > > > On 1/27/22 15:14, Jon Maloy wrote:
> > > > > > > > > On 11/18/21 06:57, Philippe Mathieu-Daudé wrote:
> > > > > > > > > > Trivial fix for CVE-2021-3507.
> > > > > > > > > > 
> > > > > > > > > > Philippe Mathieu-Daudé (2):
> > > > > > > > > >     hw/block/fdc: Prevent end-of-track overrun (CVE-2021-3507)
> > > > > > > > > >     tests/qtest/fdc-test: Add a regression test for CVE-2021-3507
> > > > > > > > > > 
> > > > > > > > > >    hw/block/fdc.c         |  8 ++++++++
> > > > > > > > > >    tests/qtest/fdc-test.c | 20 ++++++++++++++++++++
> > > > > > > > > >    2 files changed, 28 insertions(+)
> > > > > > > > > > 
> > > > > > > > > Series
> > > > > > > > > Acked-by: Jon Maloy <jmaloy@redhat.com>
> > > > > > > > Philippe,
> > > > > > > > I hear from other sources that you earlier have qualified this one as
> > > > > > > > "incomplete".
> > > > > > > > I am of course aware that this one, just like my own patch, is just a
> > > > > > > > mitigation and not a complete correction of the erroneous calculation.
> > > > > > > > Or did you have anything else in mind?
> > > > > > Any news on this one? It would be nice to get the CVE fixed for 7.0?
> > > > > > 
> > > > > >   Thomas
> > > > > > 
> > > > > The ball is currently with John Snow, as I understand it.
> > > > > The concern is that this fix may not take the driver back to a consistent
> > > > > state, so that we may have other problems later.
> > > > > Maybe Philippe can chip in with a comment here?
> > > > John, Philippe, any ideas how to move this forward?
> > > > 
> > > >    Thomas
> > > > 
> > > The ball is indeed in my court. I need to audit this properly and get
> > > the patch re-applied, and get tests passing.
> > > 
> > > As a personal favor: Could you please ping me on IRC tomorrow about
> > > this? (Well, later today, for you.)
> > Going through old patches... Is this one still open?
> > 
> > Kevin
> > 
> Yes, it is.

I was hoping that John would get back to it after my ping, but it doesn't
look like it.

So this may not be the perfect fix and the perfect test, but it's
certainly better than having nothing for multiple releases. I fixed up
the test with the snapshot=on that Alexander suggested (this also fixes
the file locking problem Hanna had and that I saw, too) and applied it
to my block branch.

Kevin