[Qemu-devel] [PULL 0/2] Net patches

[Qemu-devel] [PULL 0/2] Net patches

[Jason Wang]

The following changes since commit 5f0e775348082c355769a3df612e055abea61c06:

  Update version for v2.7.0-rc3 release (2016-08-16 17:34:30 +0100)

are available in the git repository at:

  https://github.com/jasowang/qemu.git tags/net-pull-request

for you to fetch changes up to e9e0a5854b6dc888f44e7e280a007326714199a6:

  net/net: properly handle multiple packets in net_fill_rstate() (2016-08-18 12:20:57 +0800)

----------------------------------------------------------------

----------------------------------------------------------------
Li Qiang (1):
      net: vmxnet: use g_new for pkt initialisation

Zhang Chen (1):
      net/net: properly handle multiple packets in net_fill_rstate()

 hw/net/net_tx_pkt.c | 5 ++---
 net/net.c           | 8 ++++----
 2 files changed, 6 insertions(+), 7 deletions(-)

[Qemu-devel] [PULL 1/2] net: vmxnet: use g_new for pkt initialisation

[Jason Wang]

From: Li Qiang <liqiang6-s@360.cn>

When network transport abstraction layer initialises pkt, the maximum
fragmentation count is not checked. This could lead to an integer
overflow causing a NULL pointer dereference. Replace g_malloc() with
g_new() to catch the multiplication overflow.

Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Acked-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 hw/net/net_tx_pkt.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/hw/net/net_tx_pkt.c b/hw/net/net_tx_pkt.c
index 53dfaa2..20b2549 100644
--- a/hw/net/net_tx_pkt.c
+++ b/hw/net/net_tx_pkt.c
@@ -65,10 +65,9 @@ void net_tx_pkt_init(struct NetTxPkt **pkt, PCIDevice *pci_dev,
 
     p->pci_dev = pci_dev;
 
-    p->vec = g_malloc((sizeof *p->vec) *
-        (max_frags + NET_TX_PKT_PL_START_FRAG));
+    p->vec = g_new(struct iovec, max_frags + NET_TX_PKT_PL_START_FRAG);
 
-    p->raw = g_malloc((sizeof *p->raw) * max_frags);
+    p->raw = g_new(struct iovec, max_frags);
 
     p->max_payload_frags = max_frags;
     p->max_raw_frags = max_frags;
-- 
2.7.4

[Qemu-devel] [PULL 2/2] net/net: properly handle multiple packets in net_fill_rstate()

[Jason Wang]

From: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>

When network is busy, we will receive multiple packets at one time. In
that situation, we should keep trying to do the receiving instead of
finalizing only the first packet.

Signed-off-by: Zhang Chen <zhangchen.fnst@cn.fujitsu.com>
Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 net/net.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/net/net.c b/net/net.c
index c124b11..d51cb29 100644
--- a/net/net.c
+++ b/net/net.c
@@ -1602,9 +1602,8 @@ void net_socket_rs_init(SocketReadState *rs,
 
 /*
  * Returns
- * 0: SocketReadState is not ready
- * 1: SocketReadState is ready
- * otherwise error occurs
+ * 0: success
+ * -1: error occurs
  */
 int net_fill_rstate(SocketReadState *rs, const uint8_t *buf, int size)
 {
@@ -1652,10 +1651,11 @@ int net_fill_rstate(SocketReadState *rs, const uint8_t *buf, int size)
                 if (rs->finalize) {
                     rs->finalize(rs);
                 }
-                return 1;
             }
             break;
         }
     }
+
+    assert(size == 0);
     return 0;
 }
-- 
2.7.4

Re: [Qemu-devel] [PULL 0/2] Net patches

[Peter Maydell]

On 18 August 2016 at 06:40, Jason Wang <jasowang@redhat.com> wrote:
> The following changes since commit 5f0e775348082c355769a3df612e055abea61c06:
>
>   Update version for v2.7.0-rc3 release (2016-08-16 17:34:30 +0100)
>
> are available in the git repository at:
>
>   https://github.com/jasowang/qemu.git tags/net-pull-request
>
> for you to fetch changes up to e9e0a5854b6dc888f44e7e280a007326714199a6:
>
>   net/net: properly handle multiple packets in net_fill_rstate() (2016-08-18 12:20:57 +0800)
>
> ----------------------------------------------------------------
>
> ----------------------------------------------------------------

Applied, thanks.

-- PMM