From b3d15f773d9d9a291c017b6ebc1fb71099a7034f Mon Sep 17 00:00:00 2001
From: Sergio Lopez <slp@redhat.com>
Date: Fri, 16 May 2025 10:43:55 +0100
Subject: [PATCH 1/3] Require crossbeam-channel 0.5.15 or higher

crosbeam-channel from version 0.5.12 to 0.5.14 are affected by
CVE-2025-4574 (https://bugzilla.redhat.com/show_bug.cgi?id=2358890)

Signed-off-by: Sergio Lopez <slp@redhat.com>
---
 src/devices/Cargo.toml | 2 +-
 src/hvf/Cargo.toml     | 4 ++--
 src/libkrun/Cargo.toml | 2 +-
 src/utils/Cargo.toml   | 2 +-
 src/vmm/Cargo.toml     | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/devices/Cargo.toml b/src/devices/Cargo.toml
index 20895cc20..f89a929c2 100644
--- a/src/devices/Cargo.toml
+++ b/src/devices/Cargo.toml
@@ -16,7 +16,7 @@ virgl_resource_map2 = []
 
 [dependencies]
 bitflags = "1.2.0"
-crossbeam-channel = "0.5"
+crossbeam-channel = ">=0.5.15"
 env_logger = "0.9.0"
 libc = ">=0.2.39"
 libloading = "0.8"
diff --git a/src/hvf/Cargo.toml b/src/hvf/Cargo.toml
index bd3043177..57b353448 100644
--- a/src/hvf/Cargo.toml
+++ b/src/hvf/Cargo.toml
@@ -5,9 +5,9 @@ authors = ["Sergio Lopez <slp@sinrega.org>"]
 edition = "2021"
 
 [dependencies]
-crossbeam-channel = "0.5"
+crossbeam-channel = ">=0.5.15"
 libloading = "0.8"
 log = "0.4.0"
 env_logger = "0.9.0"
 
-arch = { path = "../arch" }
\ No newline at end of file
+arch = { path = "../arch" }
diff --git a/src/libkrun/Cargo.toml b/src/libkrun/Cargo.toml
index 84acd5cb6..5fe1ca073 100644
--- a/src/libkrun/Cargo.toml
+++ b/src/libkrun/Cargo.toml
@@ -16,7 +16,7 @@ snd = []
 virgl_resource_map2 = []
 
 [dependencies]
-crossbeam-channel = "0.5"
+crossbeam-channel = ">=0.5.15"
 env_logger = "0.9.0"
 libc = ">=0.2.39"
 libloading = "0.8"
diff --git a/src/utils/Cargo.toml b/src/utils/Cargo.toml
index d4d29a14f..56dfbb448 100644
--- a/src/utils/Cargo.toml
+++ b/src/utils/Cargo.toml
@@ -10,7 +10,7 @@ env_logger = "0.9.0"
 libc = ">=0.2.85"
 log = "0.4.0"
 vmm-sys-util = "0.12.1"
-crossbeam-channel = "0.5"
+crossbeam-channel = ">=0.5.15"
 
 [target.'cfg(target_os = "linux")'.dependencies]
 kvm-bindings = { version = ">=0.10", features = ["fam-wrappers"] }
diff --git a/src/vmm/Cargo.toml b/src/vmm/Cargo.toml
index 0a0122c83..fa010a4ca 100644
--- a/src/vmm/Cargo.toml
+++ b/src/vmm/Cargo.toml
@@ -14,7 +14,7 @@ gpu = []
 snd = []
 
 [dependencies]
-crossbeam-channel = "0.5"
+crossbeam-channel = ">=0.5.15"
 env_logger = "0.9.0"
 flate2 = "1.0.35"
 libc = ">=0.2.39"

From 04e0d52349e34b973ec20a41f83473ba36875589 Mon Sep 17 00:00:00 2001
From: Sergio Lopez <slp@redhat.com>
Date: Fri, 16 May 2025 11:03:49 +0100
Subject: [PATCH 2/3] clippy: use std::io::Error::other

Signed-off-by: Sergio Lopez <slp@redhat.com>
---
 src/devices/src/legacy/hvfgicv3.rs | 7 +++----
 src/devices/src/virtio/snd/mod.rs  | 3 +--
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/src/devices/src/legacy/hvfgicv3.rs b/src/devices/src/legacy/hvfgicv3.rs
index d401274ee..c831bba15 100644
--- a/src/devices/src/legacy/hvfgicv3.rs
+++ b/src/devices/src/legacy/hvfgicv3.rs
@@ -135,10 +135,9 @@ impl IrqChipT for HvfGicV3 {
         if let Some(irq_line) = irq_line {
             let ret = unsafe { (self.bindings.hv_gic_set_spi)(irq_line, true) };
             if ret != HV_SUCCESS {
-                Err(DeviceError::FailedSignalingUsedQueue(io::Error::new(
-                    io::ErrorKind::Other,
-                    "HVF returned error when setting SPI",
-                )))
+                Err(DeviceError::FailedSignalingUsedQueue(
+                    std::io::Error::other("HVF returned error when setting SPI"),
+                ))
             } else {
                 Ok(())
             }
diff --git a/src/devices/src/virtio/snd/mod.rs b/src/devices/src/virtio/snd/mod.rs
index 9d30fb009..8ca9440f3 100644
--- a/src/devices/src/virtio/snd/mod.rs
+++ b/src/devices/src/virtio/snd/mod.rs
@@ -1,6 +1,5 @@
 use std::{
     io::Error as IoError,
-    io::ErrorKind,
     sync::{atomic::AtomicUsize, Arc, Mutex},
 };
 
@@ -144,7 +143,7 @@ pub enum Error {
 
 impl From<Error> for IoError {
     fn from(e: Error) -> Self {
-        Self::new(ErrorKind::Other, e)
+        Self::other(e)
     }
 }
 

From 7ef963a6694dbffba35b0e7943b5351b1a057114 Mon Sep 17 00:00:00 2001
From: Sergio Lopez <slp@redhat.com>
Date: Fri, 16 May 2025 11:08:45 +0100
Subject: [PATCH 3/3] clippy: use std::ptr:eq

Signed-off-by: Sergio Lopez <slp@redhat.com>
---
 src/vmm/src/macos/vstate.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/vmm/src/macos/vstate.rs b/src/vmm/src/macos/vstate.rs
index 4ccc4d6f5..31e6a933e 100644
--- a/src/vmm/src/macos/vstate.rs
+++ b/src/vmm/src/macos/vstate.rs
@@ -232,7 +232,7 @@ impl Vcpu {
         // _before_ running this, then there is nothing we can do.
         Self::TLS_VCPU_PTR.with(|cell: &VcpuCell| {
             if let Some(vcpu_ptr) = cell.get() {
-                if vcpu_ptr == self as *const Vcpu {
+                if std::ptr::eq(vcpu_ptr, self) {
                     Self::TLS_VCPU_PTR.with(|cell: &VcpuCell| cell.take());
                     return Ok(());
                 }