Re: [PATCH v2 1/2] net: Provide MemReentrancyGuard * to qemu_new_nic()

[Philippe Mathieu-Daudé]

On 26/4/24 14:37, Akihiko Odaki wrote:
> On 2024/04/24 21:32, Thomas Huth wrote:
> > On 24/04/2024 12.41, Prasad Pandit wrote:
> > > On Wednesday, 24 April, 2024 at 03:36:01 pm IST, Philippe 
> > > Mathieu-Daudé wrote:
> > > > On 1/6/23 05:18, Akihiko Odaki wrote:
> > > > > Recently MemReentrancyGuard was added to DeviceState to record that 
> > > > > the
> > > > > device is engaging in I/O. The network device backend needs to 
> > > > > update it
> > > > > when delivering a packet to a device.
> > > > > In preparation for such a change, add MemReentrancyGuard * as a
> > > > > parameter of qemu_new_nic().
> > > >
> > > > An user on IRC asked if this patch is related/fixing CVE-2021-20255,
> > > > any clue?
> > >
> > > * CVE-2021-20255 bug: infinite recursion is pointing at a different 
> > > fix patch.
> > >    -> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-20255
> > >
> > > * And the this patch below has different issue tagged
> > > -> https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08312.html
> > >    Fixes: CVE-2023-3019
> > >
> > >
> > > * They look different, former is an infinite recursion issue and the 
> > > latter is a use-after-free one.
> >
> > I assume the eepro reentrancy issue has been fixed with:
> >
> >   https://gitlab.com/qemu-project/qemu/-/issues/556
> >   i.e.:
> >   https://gitlab.com/qemu-project/qemu/-/commit/c40ca2301c7603524eaddb5308a3
>
> I agree. Commit c40ca2301c7603524eaddb5308a3 should be what fixed 
> CVE-2021-20255, not this patch.

Thank you all for clarifying!