From b9a9f1d8d4b77ae34ed4b4826d176952e4f06f1f Mon Sep 17 00:00:00 2001
From: root
Date: Thu, 1 Aug 2024 15:49:41 +0800
Subject: [PATCH] Bugfix for CVE-2024-3446
---
 Bugfix-for-CVE-2024-3446.patch | 42 ++++++++++++++++++++++++++++++++++
 qemu.spec | 8 ++++++-
 2 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 Bugfix-for-CVE-2024-3446.patch
diff --git a/Bugfix-for-CVE-2024-3446.patch b/Bugfix-for-CVE-2024-3446.patch
new file mode 100644
index 0000000..1b581e5
--- /dev/null
+++ b/Bugfix-for-CVE-2024-3446.patch
@@ -0,0 +1,42 @@
+From 0b2e11237866fca432f188902e3689e5ec03ad62 Mon Sep 17 00:00:00 2001
+From: root
+Date: Thu, 1 Aug 2024 15:40:24 +0800
+Subject: [PATCH] Bugfix for CVE-2024-3446
+
+---
+ hw/char/virtio-serial-bus.c | 3 +--
+ hw/virtio/virtio-crypto.c | 4 ++--
+ 2 files changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/hw/char/virtio-serial-bus.c b/hw/char/virtio-serial-bus.c
+index dd619f073..1221fb7f1 100644
+--- a/hw/char/virtio-serial-bus.c
++++ b/hw/char/virtio-serial-bus.c
+@@ -985,8 +985,7 @@ static void virtser_port_device_realize(DeviceState *dev, Error **errp)
+ return;
+ }
+
+- port->bh = qemu_bh_new_guarded(flush_queued_data_bh, port,
+- &dev->mem_reentrancy_guard);
++ port->bh = virtio_bh_new_guarded(dev, flush_queued_data_bh, port);
+ port->elem = NULL;
+ }
+
+diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c
+index 0e2cc8d5a..4aaced74b 100644
+--- a/hw/virtio/virtio-crypto.c
++++ b/hw/virtio/virtio-crypto.c
+@@ -1080,8 +1080,8 @@ static void virtio_crypto_device_realize(DeviceState *dev, Error **errp)
+ vcrypto->vqs[i].dataq =
+ virtio_add_queue(vdev, 1024, virtio_crypto_handle_dataq_bh);
+ vcrypto->vqs[i].dataq_bh =
+- qemu_bh_new_guarded(virtio_crypto_dataq_bh, &vcrypto->vqs[i],
+- &dev->mem_reentrancy_guard);
++ virtio_bh_new_guarded(dev, virtio_crypto_dataq_bh,
++ &vcrypto->vqs[i]);
+ vcrypto->vqs[i].vcrypto = vcrypto;
+ }
+
+--
+2.27.0
+
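Review bot: Both rewritten call sites, `port->bh = virtio_bh_new_guarded(dev, flush_queued_data_bh, port);` in virtser_port_device_realize and the `dataq_bh` assignment in virtio_crypto_device_realize, depend on `virtio_bh_new_guarded()`, which this embedded patch neither defines nor declares. It presumably arrives with an earlier patch in the series (the virtio-gpu fix carried as Patch0038 is the likely place), so both the build and the re-entrancy protection rest on that helper choosing the right `mem_reentrancy_guard`; the old code passed `&dev->mem_reentrancy_guard` explicitly and the new code leaves the choice to the helper, which is worth confirming in the patched tree. The embedded patch also has an empty message and `From: root`, so its link to upstream exists only as comments in qemu.spec; I would carry the upstream subjects and commit ids in the patch body itself. Both realize functions start outside their hunks.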
diff --git a/qemu.spec b/qemu.spec
index 1a775f7..d40c4d8 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -1,4 +1,4 @@
-%define anolis_release 15
+%define anolis_release 16
 %bcond_with check
@@ -358,6 +358,9 @@ Patch1050: 1050-target-i386-Add-new-Hygon-Dharma-CPU-model.patch
 # Fix CVE-2024-3446
 # https://github.com/qemu/qemu/commit/ba28e0ff4d95b56dc334aac2730ab3651ffc3132
 Patch0038: 0038-hw-display-virtio-gpu-Protect-from-DMA-re-entrancy-b.patch
+# https://gitlab.com/qemu-project/qemu/-/commit/4f01537ced3e787bd985b8f8de5869b92657160a
+# https://gitlab.com/qemu-project/qemu/-/commit/fbeb0a160cbcc067c0e1f0d380cea4a31de213e3
+Patch0039: Bugfix-for-CVE-2024-3446.patch
 ExclusiveArch: x86_64 aarch64 loongarch64
@@ -1921,6 +1924,9 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
 %endif
 %changelog
+* Thu Aug 01 2024 lidongyue -2.8.2.0-16
+- Fix CVE-2024-3446
+
 * Wed May 29 2024 Chang Gao -2.8.2.0-15
 - Fix CVE-2024-3446
--
Gitee
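Review bot: In the `@@ -358,6 +358,9 @@` hunk, `Patch0039: Bugfix-for-CVE-2024-3446.patch` breaks the numbered `NNNN-subject.patch` naming that `Patch0038` and `Patch1050` follow, and the two commit URLs above it do not say which device each one covers. I would rename the file to the `0039-<subject>.patch` form and label the block, e.g. `# Fix CVE-2024-3446 (virtio-serial-bus, virtio-crypto)`. The `%prep` section is outside the diff, so it is worth checking that the new patch is actually applied (an explicit `%patch` line is needed if the spec does not use `%autosetup`). The new changelog entry in the last hunk is word-for-word the same as the -15 entry; naming the two devices there would tell the two fixes apart.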