[Qemu-devel] [PATCH] net: vmxnet: check fragment length during fragmentation

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

* [Qemu-devel] [PATCH] net: vmxnet: check fragment length during fragmentation
@ 2016-08-02 11:37 P J P
  2016-08-04  5:36 ` Jason Wang
  0 siblings, 1 reply; 4+ messages in thread
From: P J P @ 2016-08-02 11:37 UTC (permalink / raw)
  To: Qemu Developers; +Cc: Jason Wang, Li Qiang, Prasad J Pandit

From: Prasad J Pandit <pjp@fedoraproject.org>

VMware VMXNET* NIC emulator supports packet fragmentation.
While fragmenting a packet, it checks for more fragments based
on packet length and current fragment length. It is susceptible
to an infinite loop, if the current fragment length is zero.
Add check to avoid it.

Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
---
 hw/net/vmxnet_tx_pkt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/net/vmxnet_tx_pkt.c b/hw/net/vmxnet_tx_pkt.c
index 91e1e08..f4d0f5f 100644
--- a/hw/net/vmxnet_tx_pkt.c
+++ b/hw/net/vmxnet_tx_pkt.c
@@ -544,7 +544,7 @@ static bool vmxnet_tx_pkt_do_sw_fragmentation(struct VmxnetTxPkt *pkt,
 
         fragment_offset += fragment_len;
 
-    } while (more_frags);
+    } while (fragment_len && more_frags);
 
     return true;
 }
-- 
2.5.5

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [Qemu-devel] [PATCH] net: vmxnet: check fragment length during fragmentation
  2016-08-02 11:37 [Qemu-devel] [PATCH] net: vmxnet: check fragment length during fragmentation P J P
@ 2016-08-04  5:36 ` Jason Wang
  2016-08-04  7:35   ` P J P
  0 siblings, 1 reply; 4+ messages in thread
From: Jason Wang @ 2016-08-04  5:36 UTC (permalink / raw)
  To: P J P, Qemu Developers; +Cc: Li Qiang, Prasad J Pandit



On 2016年08月02日 19:37, P J P wrote:
> From: Prasad J Pandit <pjp@fedoraproject.org>
>
> VMware VMXNET* NIC emulator supports packet fragmentation.
> While fragmenting a packet, it checks for more fragments based
> on packet length and current fragment length. It is susceptible
> to an infinite loop, if the current fragment length is zero.
> Add check to avoid it.
>
> Reported-by: Li Qiang <liqiang6-s@360.cn>
> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
> ---
>   hw/net/vmxnet_tx_pkt.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/net/vmxnet_tx_pkt.c b/hw/net/vmxnet_tx_pkt.c
> index 91e1e08..f4d0f5f 100644
> --- a/hw/net/vmxnet_tx_pkt.c
> +++ b/hw/net/vmxnet_tx_pkt.c
> @@ -544,7 +544,7 @@ static bool vmxnet_tx_pkt_do_sw_fragmentation(struct VmxnetTxPkt *pkt,
>   
>           fragment_offset += fragment_len;
>   
> -    } while (more_frags);
> +    } while (fragment_len && more_frags);
>   
>       return true;
>   }

The patch doesn't apply cleanly on HEAD, we now move this logic to 
hw/net/net_tx_pkt.c. Please resend on top of HEAD and cc Dmitry Fleytman 
<dmitry@daynix.com>.

Thanks

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [Qemu-devel] [PATCH] net: vmxnet: check fragment length during fragmentation
  2016-08-04  5:36 ` Jason Wang
@ 2016-08-04  7:35   ` P J P
  2016-08-09  3:42     ` Jason Wang
  0 siblings, 1 reply; 4+ messages in thread
From: P J P @ 2016-08-04  7:35 UTC (permalink / raw)
  To: Jason Wang; +Cc: Qemu Developers, Li Qiang

  Hello Jason,

+-- On Thu, 4 Aug 2016, Jason Wang wrote --+
| The patch doesn't apply cleanly on HEAD, we now move this logic to 
| hw/net/net_tx_pkt.c. Please resend on top of HEAD and cc Dmitry Fleytman 
| <dmitry@daynix.com>.

  I see, that explains why it did not show-up in search. I've sent a revised 
patch v2. Nevertheless, the patch here would apply to Qemu versions <= 2.6.0.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [Qemu-devel] [PATCH] net: vmxnet: check fragment length during fragmentation
  2016-08-04  7:35   ` P J P
@ 2016-08-09  3:42     ` Jason Wang
  0 siblings, 0 replies; 4+ messages in thread
From: Jason Wang @ 2016-08-09  3:42 UTC (permalink / raw)
  To: P J P; +Cc: Qemu Developers, Li Qiang



On 2016年08月04日 15:35, P J P wrote:
>    Hello Jason,
>
> +-- On Thu, 4 Aug 2016, Jason Wang wrote --+
> | The patch doesn't apply cleanly on HEAD, we now move this logic to
> | hw/net/net_tx_pkt.c. Please resend on top of HEAD and cc Dmitry Fleytman
> | <dmitry@daynix.com>.
>
>    I see, that explains why it did not show-up in search. I've sent a revised
> patch v2. Nevertheless, the patch here would apply to Qemu versions <= 2.6.0.
>
> Thank you.
> --
> Prasad J Pandit / Red Hat Product Security Team
> 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

Yes, I will cc stable this time. Please do it next time if you want the 
fix for stable too.

Thanks

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2016-08-09  3:42 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-08-02 11:37 [Qemu-devel] [PATCH] net: vmxnet: check fragment length during fragmentation P J P
2016-08-04  5:36 ` Jason Wang
2016-08-04  7:35   ` P J P
2016-08-09  3:42     ` Jason Wang

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).