| Andrew Geissler | c926e17 | 2021-05-07 16:11:35 -0500 | [diff] [blame^] | 1 | From 64b38675c728354e4015e4bec3d975cd4cb8a981 Mon Sep 17 00:00:00 2001 |
| 2 | From: Alexander Bulekov <alxndr@bu.edu> |
| 3 | Date: Fri, 26 Feb 2021 13:47:53 -0500 |
| 4 | Subject: [PATCH 07/10] rtl8139: switch to use qemu_receive_packet() for |
| 5 | loopback |
| 6 | MIME-Version: 1.0 |
| 7 | Content-Type: text/plain; charset=UTF-8 |
| 8 | Content-Transfer-Encoding: 8bit |
| 9 | |
| 10 | This patch switches to use qemu_receive_packet() which can detect |
| 11 | reentrancy and return early. |
| 12 | |
| 13 | This is intended to address CVE-2021-3416. |
| 14 | |
| 15 | Cc: Prasad J Pandit <ppandit@redhat.com> |
| 16 | Cc: qemu-stable@nongnu.org |
| 17 | Buglink: https://bugs.launchpad.net/qemu/+bug/1910826 |
| 18 | Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com |
| 19 | Signed-off-by: Alexander Bulekov <alxndr@bu.edu> |
| 20 | Signed-off-by: Jason Wang <jasowang@redhat.com> |
| 21 | |
| 22 | Upstream-Status: Backport [5311fb805a4403bba024e83886fa0e7572265de4] |
| 23 | CVE: CVE-2021-3416 |
| 24 | |
| 25 | Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> |
| 26 | --- |
| 27 | hw/net/rtl8139.c | 2 +- |
| 28 | 1 file changed, 1 insertion(+), 1 deletion(-) |
| 29 | |
| 30 | diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c |
| 31 | index ba5ace1ab..d2dd03e6a 100644 |
| 32 | --- a/hw/net/rtl8139.c |
| 33 | +++ b/hw/net/rtl8139.c |
| 34 | @@ -1795,7 +1795,7 @@ static void rtl8139_transfer_frame(RTL8139State *s, uint8_t *buf, int size, |
| 35 | } |
| 36 | |
| 37 | DPRINTF("+++ transmit loopback mode\n"); |
| 38 | - rtl8139_do_receive(qemu_get_queue(s->nic), buf, size, do_interrupt); |
| 39 | + qemu_receive_packet(qemu_get_queue(s->nic), buf, size); |
| 40 | |
| 41 | if (iov) { |
| 42 | g_free(buf2); |
| 43 | -- |
| 44 | 2.29.2 |
| 45 | |