| From 0cf33fb6b49a19de32859e2cdc6021334f448fb3 Mon Sep 17 00:00:00 2001 |
| From: Jason Wang <jasowang@redhat.com> |
| Date: Fri, 25 Sep 2015 13:21:30 +0800 |
| Subject: [PATCH] virtio-net: correctly drop truncated packets |
| |
| When packet is truncated during receiving, we drop the packets but |
| neither discard the descriptor nor add and signal used |
| descriptor. This will lead several issues: |
| |
| - sg mappings are leaked |
| - rx will be stalled if a lots of packets were truncated |
| |
| In order to be consistent with vhost, fix by discarding the descriptor |
| in this case. |
| |
| Cc: Michael S. Tsirkin <mst@redhat.com> |
| Signed-off-by: Jason Wang <jasowang@redhat.com> |
| Reviewed-by: Michael S. Tsirkin <mst@redhat.com> |
| Signed-off-by: Michael S. Tsirkin <mst@redhat.com> |
| |
| Upstream-Status: Backport |
| |
| git.qemu.org/?p=qemu.git;a=commit;h=0cf33fb6b49a19de32859e2cdc6021334f448fb3 |
| |
| CVE: CVE-2015-7295 patch #3 |
| [Yocto # 9013] |
| |
| Signed-off-by: Armin Kuster <akuster@mvista.com> |
| |
| --- |
| hw/net/virtio-net.c | 8 +------- |
| 1 file changed, 1 insertion(+), 7 deletions(-) |
| |
| Index: qemu-2.4.0/hw/net/virtio-net.c |
| =================================================================== |
| --- qemu-2.4.0.orig/hw/net/virtio-net.c |
| +++ qemu-2.4.0/hw/net/virtio-net.c |
| @@ -1086,13 +1086,7 @@ static ssize_t virtio_net_receive(NetCli |
| * must have consumed the complete packet. |
| * Otherwise, drop it. */ |
| if (!n->mergeable_rx_bufs && offset < size) { |
| -#if 0 |
| - error_report("virtio-net truncated non-mergeable packet: " |
| - "i %zd mergeable %d offset %zd, size %zd, " |
| - "guest hdr len %zd, host hdr len %zd", |
| - i, n->mergeable_rx_bufs, |
| - offset, size, n->guest_hdr_len, n->host_hdr_len); |
| -#endif |
| + virtqueue_discard(q->rx_vq, &elem, total); |
| return size; |
| } |
| |