[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 1/6] net: introduce qemu_receive_packet()

From: Philippe Mathieu-Daudé
Subject: Re: [PATCH 1/6] net: introduce qemu_receive_packet()
Date: Wed, 24 Feb 2021 14:43:29 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.0

On 2/24/21 2:17 PM, Jason Wang wrote:
> On 2021/2/24 6:11 下午, Philippe Mathieu-Daudé wrote:
>> On 2/24/21 6:53 AM, Jason Wang wrote:
>>> Some NIC supports loopback mode and this is done by calling
>>> nc->info->receive() directly which in fact suppresses the effort of
>>> reentrancy check that is done in qemu_net_queue_send().
>>> Unfortunately we can use qemu_net_queue_send() here since for loop
>>> back there's no sender as peer, so this patch introduce a
>>> qemu_receive_packet() which is used for implementing loopback mode
>>> for a NIC with this check.
>> IIUC the guest could trigger an infinite loop and brick the emulated
>> device model. Likely exhausting the stack, so either SEGV by
>> corruption or some ENOMEM?
> Yes.
>> Since this is guest triggerable, shouldn't we contact qemu-security@
>> list and ask for a CVE for this issue, so distributions can track
>> the patches to backport in their stable releases? (it seems to be
>> within the KVM devices boundary).
> That's the plan. I discussed this with Prasad before and he promise to
> ask CVE for this.

Good! We just need to be sure to amend the CVE number to the patches
before committing them.

> But it's a knwon issue, the reentrant DMA which has been discussed
> before[1], unfortuantely we don't make any progress. This patch can only
> fix the NIC RX issue.
> Thanks
> [1] https://mail.gnu.org/archive/html/qemu-devel/2020-09/msg00906.html

reply via email to

[Prev in Thread] Current Thread [Next in Thread]