qemu-devel
Re: [PATCH] e1000: fix tx re-entrancy problem


From: Jon Maloy
Subject: Re: [PATCH] e1000: fix tx re-entrancy problem
Date: Thu, 16 Dec 2021 10:51:10 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.3.0



On 12/16/21 04:36, Philippe Mathieu-Daudé wrote:
> Hi Jon,
>
> On 10/21/21 18:10, Jon Maloy wrote:
>> The fact that the MMIO handler is not re-entrant causes an infinite
>> loop under certain conditions:
>>
>> Guest write to TDT -> Loopback -> RX (DMA to TDT) -> TX
>>
>> We now eliminate the effect of this problem locally in e1000, by adding
>> a boolean in struct E1000State indicating when the TX side is busy. This
>> will cause any entering new call to return early instead of interfering
>> with the ongoing work, and eliminates any risk of looping.
>>
>> This is intended to address CVE-2021-20257.
>>
>> Signed-off-by: Jon Maloy <jmaloy@redhat.com>
>> ---
>>   hw/net/e1000.c | 7 +++++++
>>   1 file changed, 7 insertions(+)
> I cannot find the reproducer in the repository, have you sent one?

No, I did not add it to the repo.
It was referenced from the tracker BZ, but I was unable to get access back then.
It ended up with me having it sent by mail directly.

What is your question? Is it that it should be in the repo, or that you cannot find it?

///jon
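The loop in the quoted commit message (guest write to TDT -> loopback -> RX DMA into the device's own TDT register -> TX again) and the effect of the busy flag the patch adds are easiest to see in a small model. The block below is an added example written for this page; it is not QEMU's hw/net/e1000.c and not Jon's patch. It models device DMA the way QEMU's memory API behaves (a write that targets the device's own BAR is dispatched to its MMIO handler), uses the real TDT register offset (0x3818), and otherwise assumes a made-up BAR address, a constructed 4-byte frame and a call cap that stands in for "hangs forever". `run_tdt_write(false)` shows the unguarded re-entrancy spinning until the cap; `run_tdt_write(true)` shows the re-entered call returning early after exactly one extra entry.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the e1000 TX/RX loop; illustrative code only.
 * REG_TDT matches the real e1000 register offset; the BAR address, RAM
 * size and call cap are assumptions made for this example. */
#define MMIO_BASE  0xF0000000u   /* assumed bus address of the device BAR */
#define MMIO_SIZE  0x20000u
#define REG_TDT    0x3818u
#define RAM_SIZE   4096u
#define MAX_CALLS  64            /* stand-in for "never terminates" */

typedef struct {
    uint32_t tdt;           /* transmit descriptor tail register */
    uint32_t rx_buf_addr;   /* bus address of the RX buffer, guest-controlled */
    bool     loopback;      /* TX frames are fed straight back into RX */
    bool     use_guard;     /* apply the patch's busy flag? */
    bool     tx_busy;       /* the flag the patch adds to E1000State */
    unsigned tx_calls;      /* how often start_xmit() was entered */
    bool     hit_cap;       /* model detected unbounded recursion */
} DevState;

static uint8_t g_ram[RAM_SIZE];

static void mmio_write(DevState *s, uint32_t off, uint32_t val);

/* Device-initiated DMA. Like QEMU's address_space_write(), a write whose
 * target lies inside the device's own BAR lands in its MMIO handler
 * instead of RAM; that is the re-entrancy path the guest abuses. */
static void dma_write(DevState *s, uint32_t addr, const uint8_t *buf, size_t len)
{
    if (addr >= MMIO_BASE && addr < MMIO_BASE + MMIO_SIZE) {
        uint32_t v = 0;
        memcpy(&v, buf, len < sizeof v ? len : sizeof v);
        mmio_write(s, addr - MMIO_BASE, v);
    } else if (addr < RAM_SIZE && len <= RAM_SIZE - addr) {
        memcpy(g_ram + addr, buf, len);
    }
}

/* RX side: copy the frame into the guest-supplied buffer. */
static void e1000_receive(DevState *s, const uint8_t *pkt, size_t len)
{
    dma_write(s, s->rx_buf_addr, pkt, len);
}

/* TX side: in loopback mode the frame goes straight to e1000_receive(). */
static void start_xmit(DevState *s)
{
    static const uint8_t frame[] = { 0xde, 0xad, 0xbe, 0xef };  /* constructed */

    if (++s->tx_calls > MAX_CALLS) {   /* real code never gets to bail out */
        s->hit_cap = true;
        return;
    }
    if (s->use_guard) {
        if (s->tx_busy) {
            return;                   /* the patch: re-entered, return early */
        }
        s->tx_busy = true;
    }
    if (s->loopback) {
        e1000_receive(s, frame, sizeof frame);
    }
    if (s->use_guard) {
        s->tx_busy = false;
    }
}

static void mmio_write(DevState *s, uint32_t off, uint32_t val)
{
    if (off == REG_TDT) {
        s->tdt = val;
        start_xmit(s);
    }
}

/* Guest writes TDT with the RX buffer aimed at the device's own TDT. */
DevState run_tdt_write(bool use_guard)
{
    DevState s;
    memset(&s, 0, sizeof s);
    s.loopback = true;
    s.use_guard = use_guard;
    s.rx_buf_addr = MMIO_BASE + REG_TDT;
    mmio_write(&s, REG_TDT, 1);
    return s;
}

int main(void)
{
    DevState a = run_tdt_write(false), b = run_tdt_write(true);
    printf("unguarded: %u start_xmit calls, unbounded=%d\n", a.tx_calls, a.hit_cap);
    printf("guarded:   %u start_xmit calls, unbounded=%d\n", b.tx_calls, b.hit_cap);
    return 0;
}
```

The flag works because the whole chain runs synchronously on one thread inside the original MMIO write, so the nested start_xmit() sees tx_busy set and simply drops the extra kick; the outer call finishes the descriptor ring as before. The flag is cleared on every exit path of the outer call, which is the detail to check when reviewing the real patch: an early return between setting and clearing it would leave TX permanently stuck. Note also that this only closes the TX-side loop in e1000; other devices whose DMA can reach their own BAR need the same treatment or a generic guard in the memory layer.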
