| Andrew Geissler | c926e17 | 2021-05-07 16:11:35 -0500 | [diff] [blame^] | 1 | From c0010f9b2bafe866fe32e3c2688454bc24147136 Mon Sep 17 00:00:00 2001 |
| 2 | From: Jason Wang <jasowang@redhat.com> |
| 3 | Date: Wed, 24 Feb 2021 13:27:52 +0800 |
| 4 | Subject: [PATCH 06/10] tx_pkt: switch to use qemu_receive_packet_iov() for |
| 5 | loopback |
| 6 | MIME-Version: 1.0 |
| 7 | Content-Type: text/plain; charset=UTF-8 |
| 8 | Content-Transfer-Encoding: 8bit |
| 9 | |
| 10 | This patch switches to use qemu_receive_receive_iov() which can detect |
| 11 | reentrancy and return early. |
| 12 | |
| 13 | This is intended to address CVE-2021-3416. |
| 14 | |
| 15 | Cc: Prasad J Pandit <ppandit@redhat.com> |
| 16 | Cc: qemu-stable@nongnu.org |
| 17 | Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> |
| 18 | Signed-off-by: Jason Wang <jasowang@redhat.com> |
| 19 | |
| 20 | Upstream-Status: Backport [8c552542b81e56ff532dd27ec6e5328954bdda73] |
| 21 | CVE: CVE-2021-3416 |
| 22 | |
| 23 | Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> |
| 24 | --- |
| 25 | hw/net/net_tx_pkt.c | 2 +- |
| 26 | 1 file changed, 1 insertion(+), 1 deletion(-) |
| 27 | |
| 28 | diff --git a/hw/net/net_tx_pkt.c b/hw/net/net_tx_pkt.c |
| 29 | index da262edc3..1f9aa59ec 100644 |
| 30 | --- a/hw/net/net_tx_pkt.c |
| 31 | +++ b/hw/net/net_tx_pkt.c |
| 32 | @@ -553,7 +553,7 @@ static inline void net_tx_pkt_sendv(struct NetTxPkt *pkt, |
| 33 | NetClientState *nc, const struct iovec *iov, int iov_cnt) |
| 34 | { |
| 35 | if (pkt->is_loopback) { |
| 36 | - nc->info->receive_iov(nc, iov, iov_cnt); |
| 37 | + qemu_receive_packet_iov(nc, iov, iov_cnt); |
| 38 | } else { |
| 39 | qemu_sendv_packet(nc, iov, iov_cnt); |
| 40 | } |
| 41 | -- |
| 42 | 2.29.2 |
| 43 | |