[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] hw/net: Discard overly fragmented packets

From: Thomas Huth
Subject: Re: [PATCH] hw/net: Discard overly fragmented packets
Date: Fri, 5 Aug 2022 16:51:26 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.12.0

On 11/08/2021 06.08, Jason Wang wrote:

在 2021/8/4 上午9:43, Jason Wang 写道:

在 2021/8/3 下午5:51, Philippe Mathieu-Daudé 写道:
On 8/3/21 11:33 AM, Thomas Huth wrote:
On 05/07/2021 10.40, Philippe Mathieu-Daudé wrote:
Our infrastructure can handle fragmented packets up to
NET_MAX_FRAG_SG_LIST (64) pieces. This hard limit has
been proven enough in production for years. If it is
reached, it is likely an evil crafted packet. Discard it.

Include the qtest reproducer provided by Alexander Bulekov:

    $ make check-qtest-i386
    Running test qtest-i386/fuzz-vmxnet3-test
    qemu-system-i386: net/eth.c:334: void
eth_setup_ip4_fragmentation(const void *, size_t, void *, size_t,
size_t, size_t, _Bool):
    Assertion `frag_offset % IP_FRAG_UNIT_SIZE == 0' failed.

Cc: qemu-stable@nongnu.org
Reported-by: OSS-Fuzz (Issue 35799)
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/460
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
   hw/net/net_tx_pkt.c             |   8 ++
   tests/qtest/fuzz-vmxnet3-test.c | 195 ++++++++++++++++++++++++++++++++
   MAINTAINERS                     |   1 +
   tests/qtest/meson.build         |   1 +
   4 files changed, 205 insertions(+)
   create mode 100644 tests/qtest/fuzz-vmxnet3-test.c
Reviewed-by: Thomas Huth <thuth@redhat.com>

Jason, I think this would even still qualify for QEMU v6.1 ?
Yes, easy one for 6.1.

Yes, this will be included for rc3.


For some reasons it misses rc3.

I will include it for 6.2.


 Hi Jason,

looks like this fell through the cracks again ... could you maybe pick it up now for QEMU 7.1 ?


reply via email to

[Prev in Thread] Current Thread [Next in Thread]