mirror of
https://git.yoctoproject.org/poky
synced 2026-06-07 03:04:04 +00:00
qemu: patch for CVE-2018-15746
(From OE-Core rev: 8c02e508dc861ee95a66f3f685d24518a699685b)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Committed by: Richard Purdie
Parent: 735e066b1c
Commit: f3fb768200
@@ -0,0 +1,64 @@
From 9acf4c64dd4560bd268006d7356c7455fab7e5b1 Mon Sep 17 00:00:00 2001
From: Changqing Li <changqing.li@windriver.com>
Date: Thu, 6 Sep 2018 14:52:12 +0800
Subject: [PATCH] seccomp: set the seccomp filter to all threads
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When using "-seccomp on", the seccomp policy is only applied to the
main thread, the vcpu worker thread and other worker threads created
after seccomp policy is applied; the seccomp policy is not applied to
e.g. the RCU thread because it is created before the seccomp policy is
applied and SECCOMP_FILTER_FLAG_TSYNC isn't used.
This can be verified with
for task in /proc/`pidof qemu`/task/*; do cat $task/status | grep Secc ; done
Seccomp: 2
Seccomp: 0
Seccomp: 0
Seccomp: 2
Seccomp: 2
Seccomp: 2
Starting with libseccomp 2.2.0 and kernel >= 3.17, we can use
seccomp_attr_set(ctx, > SCMP_FLTATR_CTL_TSYNC, 1) to update the policy
on all threads.
libseccomp requirement was bumped to 2.2.0 in previous patch.
libseccomp should fail to set the filter if it can't honour
SCMP_FLTATR_CTL_TSYNC (untested), and thus -sandbox will now fail on
kernel < 3.17.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Eduardo Otubo <otubo@redhat.com>
Upstream-Status: Backport[https://github.com/qemu/qemu/commit/
70dfabeaa79ba4d7a3b699abe1a047c8012db114#diff-18106d3b47a2d249f9d41e772b7db22d]
CVE: CVE-2018-15746
Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
qemu-seccomp.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/qemu-seccomp.c b/qemu-seccomp.c
index 9cd8eb9..ba5500a 100644
--- a/qemu-seccomp.c
+++ b/qemu-seccomp.c
@@ -120,6 +120,11 @@ static int seccomp_start(uint32_t seccomp_opts)
goto seccomp_return;
}
+ rc = seccomp_attr_set(ctx, SCMP_FLTATR_CTL_TSYNC, 1);
+ if (rc != 0) {
+ goto seccomp_return;
+ }
+
for (i = 0; i < ARRAY_SIZE(blacklist); i++) {
if (!(seccomp_opts & blacklist[i].set)) {
continue;
--
2.7.4
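Review bot: The added `seccomp_attr_set(ctx, SCMP_FLTATR_CTL_TSYNC, 1)` call in seccomp_start() depends on libseccomp >= 2.2.0, and the message says that requirement "was bumped to 2.2.0 in previous patch", yet this commit adds only CVE-2018-15746.patch to the recipe. Please confirm that the QEMU version built here already carries that configure check, or backport it alongside this one, so that an older libseccomp is rejected at configure time rather than failing at compile time on the missing attribute. The message also marks the failure path as "(untested)" and says -sandbox will now fail on kernel < 3.17; it would help to run the /proc task status check quoted in the message against the built binary and to mention the kernel requirement in the poky commit message, which currently carries only the title and sign-offs. Minor: the Upstream-Status line has no space before the bracket and splits the URL across two lines; keeping the URL on one line after `Backport ` makes it easier to grep.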
@@ -21,6 +21,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://0009-apic-fixup-fallthrough-to-PIC.patch \
file://0010-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \
file://0011-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch \
file://CVE-2018-15746.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"