diff -Nru qemu-2.5+dfsg/debian/changelog qemu-2.5+dfsg/debian/changelog --- qemu-2.5+dfsg/debian/changelog 2021-02-10 13:40:50.000000000 +0000 +++ qemu-2.5+dfsg/debian/changelog 2021-02-17 16:34:35.000000000 +0000 @@ -1,9 +1,7 @@ -qemu (1:2.5+dfsg-5ubuntu10.50) xenial-security; urgency=medium +qemu (1:2.5+dfsg-5ubuntu10.51) xenial-security; urgency=medium * SECURITY REGRESSION: fix multiple regressions caused by CVE-2020-13754 security update (LP: #1914883) - - debian/patches/CVE-2020-13754-3.patch: log invalid memory accesses in - memory.c. - debian/patches/CVE-2020-13754-5.patch: allow 64-bit accesses in hw/timer/slavio_timer.c. - debian/patches/CVE-2020-13754-9.patch: fix valid.max_access_size to diff -Nru qemu-2.5+dfsg/debian/patches/CVE-2020-13754-3.patch qemu-2.5+dfsg/debian/patches/CVE-2020-13754-3.patch --- qemu-2.5+dfsg/debian/patches/CVE-2020-13754-3.patch 2021-02-10 13:39:48.000000000 +0000 +++ qemu-2.5+dfsg/debian/patches/CVE-2020-13754-3.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,66 +0,0 @@ -Backport of: - -From 21786c7e59847b1612406ff394958f22e5b323f8 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= -Date: Mon, 5 Oct 2020 17:27:25 +0200 -Subject: [PATCH] softmmu/memory: Log invalid memory accesses -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Log invalid memory accesses with as GUEST_ERROR. - -This is particularly useful since commit 5d971f9e67 which reverted -("memory: accept mismatching sizes in memory_region_access_valid"). - -Signed-off-by: Philippe Mathieu-Daudé -Reviewed-by: Michael S. Tsirkin -Message-Id: <20201005152725.2143444-1-philmd@redhat.com> -Signed-off-by: Laurent Vivier ---- - softmmu/memory.c | 16 ++++++++++++++++ - 1 file changed, 16 insertions(+) - ---- a/memory.c -+++ b/memory.c -@@ -18,6 +18,7 @@ - #include "exec/ioport.h" - #include "qapi/visitor.h" - #include "qemu/bitops.h" -+#include "qemu/log.h" - #include "qom/object.h" - #include "trace.h" - #include -@@ -1066,10 +1067,18 @@ bool memory_region_access_valid(MemoryRe - { - if (mr->ops->valid.accepts - && !mr->ops->valid.accepts(mr->opaque, addr, size, is_write)) { -+ qemu_log_mask(LOG_GUEST_ERROR, "Invalid access at addr " -+ "0x%" HWADDR_PRIX ", size %u, " -+ "region '%s', reason: rejected\n", -+ addr, size, memory_region_name(mr)); - return false; - } - - if (!mr->ops->valid.unaligned && (addr & (size - 1))) { -+ qemu_log_mask(LOG_GUEST_ERROR, "Invalid access at addr " -+ "0x%" HWADDR_PRIX ", size %u, " -+ "region '%s', reason: unaligned\n", -+ addr, size, memory_region_name(mr)); - return false; - } - -@@ -1080,6 +1089,13 @@ bool memory_region_access_valid(MemoryRe - - if (size > mr->ops->valid.max_access_size - || size < mr->ops->valid.min_access_size) { -+ qemu_log_mask(LOG_GUEST_ERROR, "Invalid access at addr " -+ "0x%" HWADDR_PRIX ", size %u, " -+ "region '%s', reason: invalid size " -+ "(min:%u max:%u)\n", -+ addr, size, memory_region_name(mr), -+ mr->ops->valid.min_access_size, -+ mr->ops->valid.max_access_size); - return false; - } - return true; diff -Nru qemu-2.5+dfsg/debian/patches/series qemu-2.5+dfsg/debian/patches/series --- qemu-2.5+dfsg/debian/patches/series 2021-02-10 13:40:30.000000000 +0000 +++ qemu-2.5+dfsg/debian/patches/series 2021-02-17 16:34:40.000000000 +0000 @@ -342,6 +342,5 @@ CVE-2020-29443-1.patch CVE-2020-29443-2.patch CVE-2021-20181.patch -CVE-2020-13754-3.patch CVE-2020-13754-5.patch CVE-2020-13754-9.patch