Re: [Qemu-devel] [PATCH V2 for 3.1 0/4] Fix possible OOB during queuing

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH V2 for 3.1 0/4] Fix possible OOB during queuing

From:	Eric Blake
Subject:	Re: [Qemu-devel] [PATCH V2 for 3.1 0/4] Fix possible OOB during queuing packets
Date:	Thu, 29 Nov 2018 08:05:41 -0600
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.3.0

On 11/29/18 6:14 AM, Jason Wang wrote:

Hi:

This series tries to fix a possible OOB during queueing packets
through qemu_net_queue_append_iov(). This could happen when it tries
to queue a packet whose size is larger than INT_MAX which may lead
integer overflow. We've fixed similar issue in the past during
qemu_net_queue_deliver_iov() by ignoring large packets there. Let's
just move the check earlier to qemu_sendv_packet_async() and reduce
the limitation to NET_BUFSIZE. A simple qtest were also added this.

Please review.

How important is this for 3.1? We've missed -rc3. Is this CVE qualitybecause of a guest being able to cause mayhem by intentionally gettinginto this condition (in which case, we need it, as well as a CVEassigned)? Is it pre-existing in 3.0 at which point waiting for 4.0 isno worse off than what we already are?


--
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH V2 for 3.1 0/4] Fix possible OOB during queuing packets, Jason Wang, 2018/11/29
- [Qemu-devel] [PATCH V2 for 3.1 1/4] net: drop too large packet early, Jason Wang, 2018/11/29
- [Qemu-devel] [PATCH V2 for 3.1 2/4] virtio-net-test: remove unused macro, Jason Wang, 2018/11/29
- [Qemu-devel] [PATCH V2 for 3.1 3/4] virtio-net-test: accept variable length argument in pci_test_start(), Jason Wang, 2018/11/29
- [Qemu-devel] [PATCH V2 for 3.1 4/4] virtio-net-test: add large tx buffer test, Jason Wang, 2018/11/29
  - Re: [Qemu-devel] [PATCH V2 for 3.1 4/4] virtio-net-test: add large tx buffer test, Thomas Huth, 2018/11/29
- Re: [Qemu-devel] [PATCH V2 for 3.1 0/4] Fix possible OOB during queuing packets, Eric Blake <=
  - Re: [Qemu-devel] [PATCH V2 for 3.1 0/4] Fix possible OOB during queuing packets, P J P, 2018/11/30
    - Re: [Qemu-devel] [PATCH V2 for 3.1 0/4] Fix possible OOB during queuing packets, Jason Wang, 2018/11/30
    - Re: [Qemu-devel] [PATCH V2 for 3.1 0/4] Fix possible OOB during queuing packets, Daniel P . Berrangé, 2018/11/30

Prev by Date: Re: [Qemu-devel] [PATCH for-4.0 2/4] checkpatch: check Signed-off-by in --mailback mode
Next by Date: Re: [Qemu-devel] [PATCH for-3.1? RFC v2 0/5] fix some segmentation faults and migration issues
Previous by thread: Re: [Qemu-devel] [PATCH V2 for 3.1 4/4] virtio-net-test: add large tx buffer test
Next by thread: Re: [Qemu-devel] [PATCH V2 for 3.1 0/4] Fix possible OOB during queuing packets
Index(es):
- Date
- Thread