From: Stefan Weil <sw@weilnetz.de>
To: P J P <ppandit@redhat.com>
Cc: Peter Maydell <peter.maydell@linaro.org>,
Jason Wang <jasowang@redhat.com>, Li Qiang <liq3ea@gmail.com>,
QEMU Developers <qemu-devel@nongnu.org>,
Alexander Bulekov <alxndr@bu.edu>,
Ruhr-University Bochum <bugs-syssec@rub.de>
Subject: Re: [PATCH] net: eepro100: validate various address values
Date: Fri, 19 Feb 2021 10:52:05 +0100
Message-ID: <89da11b8-cecf-d161-2dfc-d62a7edd0356@weilnetz.de>
In-Reply-To: <n62s8q1-4ns8-pq39-7r2o-p483n3555o1p@erqung.pbz>
On 19.02.21 at 10:26, P J P wrote:
> Hello Stefan,
>
> +-- On Fri, 19 Feb 2021, Stefan Weil wrote --+
> | If there are no recursions in normal use, the following patch should work:
> |
> | diff --git a/hw/net/eepro100.c b/hw/net/eepro100.c
> | index 16e95ef9cc..2474cf3dc2 100644
> | --- a/hw/net/eepro100.c
> | +++ b/hw/net/eepro100.c
> | @@ -279,6 +279,9 @@ typedef struct {
> | /* Quasi static device properties (no need to save them). */
> | uint16_t stats_size;
> | bool has_extended_tcb_support;
> | +
> | + /* Flag to avoid recursions. */
> | + bool busy;
> | } EEPRO100State;
> |
> | /* Word indices in EEPROM. */
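Review bot: the new `busy` member is placed under the "Quasi static device properties (no need to save them)" comment, but it is transient run-time state, not a device property. Its comment should say that it is only set while action_command() is executing and is therefore deliberately left out of the saved state, or the field should be moved out of the quasi-static block so a later reader does not assume it is a configuration value.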
> | @@ -837,6 +840,14 @@ static void action_command(EEPRO100State *s)
> | Therefore we limit the number of iterations. */
> | unsigned max_loop_count = 16;
> |
> | + if (s->busy) {
> | + /* Prevent recursions. */
> | + logout("recursion in %s:%u\n", __FILE__, __LINE__);
> | + return;
> | + }
> | +
> | + s->busy = true;
> | +
> | for (;;) {
> | bool bit_el;
> | bool bit_s;
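Review bot: the `logout(...)` call in the `if (s->busy)` branch is unconditional, while the other logout visible in this function is wrapped as `TRACE(OTHER, logout("CU list empty\n"))`. The reproducer discussed in this thread reaches this branch from the guest, so the message should either go through the same TRACE gating or be reported as a guest error, and it would be more useful if it named the condition (re-entrant command unit start) rather than only `__FILE__` and `__LINE__`. The early `return` also drops the command silently; a short comment on why leaving the CU state untouched is correct here would help.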
> | @@ -933,6 +944,7 @@ static void action_command(EEPRO100State *s)
> | }
> | TRACE(OTHER, logout("CU list empty\n"));
> | /* List is empty. Now CU is idle or suspended. */
> | + s->busy = false;
> | }
> |
> | static void eepro100_cu_command(EEPRO100State * s, uint8_t val)
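Review bot: `s->busy = false` is reached only by falling out of the bottom of action_command(). If any path inside the `for (;;)` loop leaves the function with `return` instead of `break`, the flag stays set and every later call takes the early "recursion" return, so the command unit would never run again. Please confirm that every exit passes through this line (or funnel them through a single exit point that clears the flag), and clear `busy` in the device reset path as well.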
>
> Please see:
> -> https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Feepro100_stackoverflow1
>
> * It does not seem to address above case.
My suggested patch fixes that test case: it no longer crashes because of
an endless recursion.
Stefan