[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PULL 7/9] net: vmxnet: initialise local tx descriptor
From: |
Jason Wang |
Subject: |
[Qemu-devel] [PULL 7/9] net: vmxnet: initialise local tx descriptor |
Date: |
Wed, 26 Oct 2016 10:24:09 +0800 |
From: Li Qiang <address@hidden>
In Vmxnet3 device emulator while processing transmit(tx) queue,
when it reaches end of packet, it calls vmxnet3_complete_packet.
In that local 'txcq_descr' object is not initialised, which could
leak host memory bytes a guest.
Reported-by: Li Qiang <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
Reviewed-by: Dmitry Fleytman <address@hidden>
Signed-off-by: Jason Wang <address@hidden>
---
hw/net/vmxnet3.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
index 90f6943..92f6af9 100644
--- a/hw/net/vmxnet3.c
+++ b/hw/net/vmxnet3.c
@@ -531,6 +531,7 @@ static void vmxnet3_complete_packet(VMXNET3State *s, int
qidx, uint32_t tx_ridx)
VMXNET3_RING_DUMP(VMW_RIPRN, "TXC", qidx, &s->txq_descr[qidx].comp_ring);
+ memset(&txcq_descr, 0, sizeof(txcq_descr));
txcq_descr.txdIdx = tx_ridx;
txcq_descr.gen = vmxnet3_ring_curr_gen(&s->txq_descr[qidx].comp_ring);
--
2.7.4
- [Qemu-devel] [PULL 0/9] Net patches, Jason Wang, 2016/10/25
- [Qemu-devel] [PULL 1/9] net: pcnet: check rx/tx descriptor ring length, Jason Wang, 2016/10/25
- [Qemu-devel] [PULL 2/9] net: pcnet: fix source formatting and indentation, Jason Wang, 2016/10/25
- [Qemu-devel] [PULL 3/9] tap-bsd: OpenBSD uses tap(4) now, Jason Wang, 2016/10/25
- [Qemu-devel] [PULL 4/9] net: eepro100: fix memory leak in device uninit, Jason Wang, 2016/10/25
- [Qemu-devel] [PULL 5/9] net: rocker: set limit to DMA buffer size, Jason Wang, 2016/10/25
- [Qemu-devel] [PULL 6/9] e1000e: Don't zero out buffer address in rx descriptor, Jason Wang, 2016/10/25
- [Qemu-devel] [PULL 7/9] net: vmxnet: initialise local tx descriptor,
Jason Wang <=
- [Qemu-devel] [PULL 8/9] net: rtl8139: limit processing of ring descriptors, Jason Wang, 2016/10/25
- [Qemu-devel] [PULL 9/9] colo-proxy: fix memory leak, Jason Wang, 2016/10/25
Re: [Qemu-devel] [PULL 0/9] Net patches, Peter Maydell, 2016/10/27