[PULL,0/4] Block layer patches (CVE-2024-4467)

Message ID	20240702163943.276618-1-kwolf@redhat.com (mailing list archive)
State	New
Headers	show Return-Path: <qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org> From: Kevin Wolf <kwolf@redhat.com> To: qemu-block@nongnu.org Cc: kwolf@redhat.com, richard.henderson@linaro.org, hreitz@redhat.com, eblake@redhat.com, stefanha@redhat.com, qemu-devel@nongnu.org, qemu-stable@nongnu.org Subject: [PULL 0/4] Block layer patches (CVE-2024-4467) Date: Tue, 2 Jul 2024 18:39:39 +0200 Message-ID: <20240702163943.276618-1-kwolf@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=170.10.129.124; envelope-from=kwolf@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action Precedence: list Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org

Message ID

20240702163943.276618-1-kwolf@redhat.com (mailing list archive)

State

New

Headers

From: Kevin Wolf <kwolf@redhat.com>
To: qemu-block@nongnu.org
Cc: kwolf@redhat.com, richard.henderson@linaro.org, hreitz@redhat.com,
 eblake@redhat.com, stefanha@redhat.com, qemu-devel@nongnu.org,
 qemu-stable@nongnu.org
Subject: [PULL 0/4] Block layer patches (CVE-2024-4467)
Date: Tue,  2 Jul 2024 18:39:39 +0200
Message-ID: <20240702163943.276618-1-kwolf@redhat.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=170.10.129.124; envelope-from=kwolf@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001,
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org
Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org

Message

Kevin Wolf July 2, 2024, 4:39 p.m. UTC

The following changes since commit c80a339587fe4148292c260716482dd2f86d4476:

  Merge tag 'pull-target-arm-20240701' of https://git.linaro.org/people/pmaydell/qemu-arm into staging (2024-07-01 10:41:45 -0700)

are available in the Git repository at:

  https://repo.or.cz/qemu/kevin.git tags/for-upstream

for you to fetch changes up to 7ead946998610657d38d1a505d5f25300d4ca613:

  block: Parse filenames only when explicitly requested (2024-07-02 18:12:30 +0200)

----------------------------------------------------------------
Block layer patches (CVE-2024-4467)

- Don't open qcow2 data files in 'qemu-img info'
- Disallow protocol prefixes for qcow2 data files, VMDK extent files and
  other child nodes that are neither 'file' nor 'backing'

----------------------------------------------------------------
Kevin Wolf (4):
      qcow2: Don't open data_file with BDRV_O_NO_IO
      iotests/244: Don't store data-file with protocol in image
      iotests/270: Don't store data-file with json: prefix in image
      block: Parse filenames only when explicitly requested

 block.c                    | 90 +++++++++++++++++++++++++++++-----------------
 block/qcow2.c              | 17 ++++++++-
 tests/qemu-iotests/061     |  6 ++--
 tests/qemu-iotests/061.out |  8 +++--
 tests/qemu-iotests/244     | 19 ++++++++--
 tests/qemu-iotests/270     | 14 ++++++--
 6 files changed, 110 insertions(+), 44 deletions(-)

Comments

Richard Henderson July 3, 2024, 6:26 p.m. UTC | #1

On 7/2/24 09:39, Kevin Wolf wrote:
> The following changes since commit c80a339587fe4148292c260716482dd2f86d4476:
> 
>    Merge tag 'pull-target-arm-20240701' ofhttps://git.linaro.org/people/pmaydell/qemu-arm  into staging (2024-07-01 10:41:45 -0700)
> 
> are available in the Git repository at:
> 
>    https://repo.or.cz/qemu/kevin.git  tags/for-upstream
> 
> for you to fetch changes up to 7ead946998610657d38d1a505d5f25300d4ca613:
> 
>    block: Parse filenames only when explicitly requested (2024-07-02 18:12:30 +0200)
> 
> ----------------------------------------------------------------
> Block layer patches (CVE-2024-4467)
> 
> - Don't open qcow2 data files in 'qemu-img info'
> - Disallow protocol prefixes for qcow2 data files, VMDK extent files and
>    other child nodes that are neither 'file' nor 'backing'

Applied, thanks.  Please update https://wiki.qemu.org/ChangeLog/9.1 as appropriate.


r~

[PULL,0/4] Block layer patches (CVE-2024-4467)

Pull-request

Message

Comments