Message ID | 20210704105646.13524-1-marcel.apfelbaum@gmail.com |
---|---|
State | New |
Headers | show |
On Sun, 4 Jul 2021 at 11:56, Marcel Apfelbaum <marcel.apfelbaum@gmail.com> wrote: > > The following changes since commit 9c2647f75004c4f7d64c9c0ec55f8c6f0739a8b1: > > Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging (2021-07-02 11:46:32 +0100) > > are available in the Git repository at: > > https://github.com/marcel-apf/qemu tags/pvrdma-04-07-2021 > > for you to fetch changes up to f6287078c2e41cd8de424682cc86c2afccbf3797: > > pvrdma: Fix the ring init error flow (CVE-2021-3608) (2021-07-04 11:14:02 +0300) > > ---------------------------------------------------------------- > PVRDMA queue > > Several CVE fixes for the PVRDMA device. > > ---------------------------------------------------------------- > Marcel Apfelbaum (3): > hw/rdma: Fix possible mremap overflow in the pvrdma device > (CVE-2021-3582) > pvrdma: Ensure correct input on ring init (CVE-2021-3607) > pvrdma: Fix the ring init error flow (CVE-2021-3608) This fails to compile on 32-bit hosts: In file included from ../hw/rdma/vmw/../rdma_backend_defs.h:23, from ../hw/rdma/vmw/../rdma_rm_defs.h:19, from ../hw/rdma/vmw/../rdma_backend.h:22, from ../hw/rdma/vmw/pvrdma_cmd.c:21: ../hw/rdma/vmw/pvrdma_cmd.c: In function 'pvrdma_map_to_pdir': ../hw/rdma/vmw/../rdma_utils.h:25:18: error: format '%lu' expects argument of type 'long unsigned int', but argument 4 has type 'size_t' {aka 'unsigned int'} [-Werror=format=] error_report("%s: " fmt, "rdma", ## __VA_ARGS__) ^~~~~~ ../hw/rdma/vmw/pvrdma_cmd.c:43:9: note: in expansion of macro 'rdma_error_report' rdma_error_report("Invalid nchunks/length (%u, %lu)", nchunks, length); ^~~~~~~~~~~~~~~~~ You can see this in the gitlab CI jobs, eg: https://gitlab.com/qemu-project/qemu/-/jobs/1398130500 thanks -- PMM
Hi Peter, On Sun, Jul 4, 2021 at 8:28 PM Peter Maydell <peter.maydell@linaro.org> wrote: > On Sun, 4 Jul 2021 at 11:56, Marcel Apfelbaum > <marcel.apfelbaum@gmail.com> wrote: > > > > The following changes since commit > 9c2647f75004c4f7d64c9c0ec55f8c6f0739a8b1: > > > > Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into > staging (2021-07-02 11:46:32 +0100) > > > > are available in the Git repository at: > > > > https://github.com/marcel-apf/qemu tags/pvrdma-04-07-2021 > > > > for you to fetch changes up to f6287078c2e41cd8de424682cc86c2afccbf3797: > > > > pvrdma: Fix the ring init error flow (CVE-2021-3608) (2021-07-04 > 11:14:02 +0300) > > > > ---------------------------------------------------------------- > > PVRDMA queue > > > > Several CVE fixes for the PVRDMA device. > > > > ---------------------------------------------------------------- > > Marcel Apfelbaum (3): > > hw/rdma: Fix possible mremap overflow in the pvrdma device > > (CVE-2021-3582) > > pvrdma: Ensure correct input on ring init (CVE-2021-3607) > > pvrdma: Fix the ring init error flow (CVE-2021-3608) > > This fails to compile on 32-bit hosts: > > In file included from ../hw/rdma/vmw/../rdma_backend_defs.h:23, > from ../hw/rdma/vmw/../rdma_rm_defs.h:19, > from ../hw/rdma/vmw/../rdma_backend.h:22, > from ../hw/rdma/vmw/pvrdma_cmd.c:21: > ../hw/rdma/vmw/pvrdma_cmd.c: In function 'pvrdma_map_to_pdir': > ../hw/rdma/vmw/../rdma_utils.h:25:18: error: format '%lu' expects > argument of type 'long unsigned int', but argument 4 has type 'size_t' > {aka 'unsigned int'} [-Werror=format=] > error_report("%s: " fmt, "rdma", ## __VA_ARGS__) > ^~~~~~ > ../hw/rdma/vmw/pvrdma_cmd.c:43:9: note: in expansion of macro > 'rdma_error_report' > rdma_error_report("Invalid nchunks/length (%u, %lu)", nchunks, length); > ^~~~~~~~~~~~~~~~~ > > I reproduced the issue, thank you. I will fix and re-spin. Thanks, Marcel > You can see this in the gitlab CI jobs, eg: > > https://gitlab.com/qemu-project/qemu/-/jobs/1398130500 > > thanks > -- PMM >