[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 0/2] assertion failure in net_tx_pkt_add_raw_fragment() in hw/net
|
From: |
Mauro Matteo Cascella |
|
Subject: |
[PATCH 0/2] assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c |
|
Date: |
Mon, 27 Jul 2020 19:08:36 +0200 |
An assertion failure issue was reported by Mr. Ziming Zhang (CC'd).
It occurs in the code that processes network packets while adding data
fragments into packet context. This flaw could potentially be abused by
a malicious guest to abort the QEMU process on the host. This two patch
series does a couple of things:
- introduces a new function in net_tx_pkt.{c,h} to check the maximum number
of data fragments
- adds a check in both e1000e and vmxnet3 devices to skip the packet if the
current data fragment exceeds max_raw_frags, preventing
net_tx_pkt_add_raw_fragment() to be called with an invalid raw_frags
Mauro Matteo Cascella (2):
hw/net/net_tx_pkt: add function to check pkt->max_raw_frags
hw/net: check max_raw_frags in e1000e and vmxnet3 devices
hw/net/e1000e_core.c | 3 ++-
hw/net/net_tx_pkt.c | 5 +++++
hw/net/net_tx_pkt.h | 8 ++++++++
hw/net/vmxnet3.c | 3 ++-
4 files changed, 17 insertions(+), 2 deletions(-)
--
2.26.2
- [PATCH 0/2] assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c,
Mauro Matteo Cascella <=
[PATCH 2/2] hw/net: check max_raw_frags in e1000e and vmxnet3 devices, Mauro Matteo Cascella, 2020/07/27
Re: [PATCH 0/2] assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c, Alexander Bulekov, 2020/07/27