hw: replace most qemu_bh_new calls with qemu_bh_new_guarded (bsc#1222843, CVE-2024-3446)

This protects devices from bh->mmio reentrancy issues. Thanks: Thomas Huth <thuth@redhat.com> for diagnosing OS X test failure. Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Paul Durrant <paul@xen.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-Id: <20230427211013.2994127-5-alxndr@bu.edu> Signed-off-by: Thomas Huth <thuth@redhat.com> (cherry picked from commit f63192b054) References: bsc#1222843 Signed-off-by: Dario Faggioli <dfaggioli@suse.com>
2023-04-27 17:10:09 -04:00
parent 4d9c1b52ca
commit 9b139d24f0
24 changed files with 62 additions and 31 deletions
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -2780,7 +2780,8 @@ static void virtio_net_add_queue(VirtIONet *n, int index)
        n->vqs[index].tx_vq =
            virtio_add_queue(vdev, n->net_conf.tx_queue_size,
                             virtio_net_handle_tx_bh);
-        n->vqs[index].tx_bh = qemu_bh_new(virtio_net_tx_bh, &n->vqs[index]);
+        n->vqs[index].tx_bh = qemu_bh_new_guarded(virtio_net_tx_bh, &n->vqs[index],
+                                                  &DEVICE(vdev)->mem_reentrancy_guard);
    }

    n->vqs[index].tx_waiting = 0;