[Qemu-commits] [qemu/qemu] 25ddb9: e1000: fix tx re-entrancy problem

From: Richard Henderson
Subject: [Qemu-commits] [qemu/qemu] 25ddb9: e1000: fix tx re-entrancy problem
Date: Fri, 05 Nov 2021 06:59:53 -0700

  Branch: refs/heads/staging
  Home:   https://github.com/qemu/qemu
  Commit: 25ddb946e6301f42cff3094ea1c25fb78813e7e9
  Author: Jon Maloy <jmaloy@redhat.com>
  Date:   2021-11-05 (Fri, 05 Nov 2021)

  Changed paths:
    M hw/net/e1000.c

  Log Message:
  e1000: fix tx re-entrancy problem

The fact that the MMIO handler is not re-entrant causes an infinite
loop under certain conditions:

Guest write to TDT ->  Loopback -> RX (DMA to TDT) -> TX

We now eliminate the effect of this problem locally in e1000, by adding
a boolean in struct E1000State indicating when the TX side is busy. This
will cause any entering new call to return early instead of interfering
with the ongoing work, and eliminates any risk of looping.

This is intended to address CVE-2021-20257.

Signed-off-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>

  Commit: 3fd641ac5ec713e67129c1a57e8b6281182bd843
  Author: Eduardo Habkost <ehabkost@redhat.com>
  Date:   2021-11-05 (Fri, 05 Nov 2021)

  Changed paths:
    M hw/core/machine.c

  Log Message:
  Fix virtio-net-pci* "vectors" compat

hw_compat_5_2 has an issue: it affects only "virtio-net-pci"
but not "virtio-net-pci-transitional" and
"virtio-net-pci-non-transitional".  The solution is to use the
"virtio-net-pci-base" type in compat_props.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1999141

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Jean-Louis Dupond <jean-louis@dupond.be>
Acked-by: Jason Wang <jasowang@redhat.com>
Acked-by: Jean-Louis Dupond <jean-louis@dupond.be>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>

  Commit: e4d96a7eb83146c936d88182c8dee9ba899bb6bb
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2021-11-05 (Fri, 05 Nov 2021)

  Changed paths:
    M hw/core/machine.c
    M hw/net/e1000.c

  Log Message:
  Merge remote-tracking branch 'remotes/jasonwang/tags/net-pull-request' into 

# gpg: Signature made Thu 04 Nov 2021 11:42:00 PM EDT
# gpg:                using RSA key EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* remotes/jasonwang/tags/net-pull-request:
  Fix virtio-net-pci* "vectors" compat
  e1000: fix tx re-entrancy problem

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

Compare: https://github.com/qemu/qemu/compare/18e356a53a29...e4d96a7eb831
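
The busy-flag approach described in the e1000 commit message above, shown as an added toy model in C. This is not the code from hw/net/e1000.c: the struct, the function names, the ring size, the depth cap and the value written by the looped-back DMA are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model, not QEMU code; every name below is hypothetical. */
#define RING      8    /* descriptors in the TX ring */
#define MAX_DEPTH 64   /* demo cap standing in for unbounded nesting */

struct nic {
    unsigned tdh, tdt;     /* TX ring head and tail */
    bool guard, tx_busy;   /* guard enabled?; the "TX side is busy" flag */
    unsigned depth, max_depth, early_returns;
};
static void start_xmit(struct nic *s);
/* Register write handler; reachable from the guest and from device DMA. */
static void mmio_write_tdt(struct nic *s, unsigned val) { s->tdt = val; start_xmit(s); }
/* Loopback RX with DMA aimed at TDT; value constructed so TDT != TDH. */
static void loopback_rx(struct nic *s) { mmio_write_tdt(s, (s->tdh + 1) % RING); }

static void start_xmit(struct nic *s)
{
    unsigned start = s->tdh;
    if (s->guard) {
        if (s->tx_busy) { s->early_returns++; return; }  /* nested call: bail out */
        s->tx_busy = true;
    }
    if (++s->depth > s->max_depth) s->max_depth = s->depth;
    while (s->tdh != s->tdt && s->max_depth < MAX_DEPTH) {
        s->tdh = (s->tdh + 1) % RING;  /* consume one descriptor */
        loopback_rx(s);                /* TX -> loopback -> RX -> DMA to TDT */
        if (s->tdh == start) break;    /* one full pass of the ring is enough */
    }
    s->depth--;
    if (s->guard) s->tx_busy = false;
}

/* One guest write to TDT; returns the deepest start_xmit() nesting reached. */
unsigned run_model(bool guard, unsigned *early_returns)
{
    struct nic s = { .guard = guard };
    mmio_write_tdt(&s, 1);
    *early_returns = s.early_returns;
    return s.max_depth;
}

int main(void)
{
    unsigned e0, e1, d0 = run_model(false, &e0), d1 = run_model(true, &e1);
    printf("no guard: depth %u, guard: depth %u with %u early returns\n", d0, d1, e1);
    return 0;
}
```

Without the flag the model nests until it hits the demo cap; with it, the handler is never entered more than once and each re-entrant TDT write returns early.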
