qemu-devel.nongnu.org archive mirror
* [PULL 0/2] Net patches
@ 2020-08-04  6:41 Jason Wang
  2020-08-04  6:41 ` [PULL 1/2] colo-compare: Remove superfluous NULL-pointer checks for s->iothread Jason Wang
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Jason Wang @ 2020-08-04  6:41 UTC (permalink / raw)
  To: peter.maydell; +Cc: Jason Wang, qemu-devel

The following changes since commit 5c1c3e4f02e458cf280c677c817ae4fd1ed9bf10:

  Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200803' into staging (2020-08-03 20:34:26 +0100)

are available in the git repository at:

  https://github.com/jasowang/qemu.git tags/net-pull-request

for you to fetch changes up to 035e69b063835a5fd23cacabd63690a3d84532a8:

  hw/net/net_tx_pkt: fix assertion failure in net_tx_pkt_add_raw_fragment() (2020-08-04 14:14:48 +0800)

----------------------------------------------------------------

----------------------------------------------------------------
Lukas Straub (1):
      colo-compare: Remove superfluous NULL-pointer checks for s->iothread

Mauro Matteo Cascella (1):
      hw/net/net_tx_pkt: fix assertion failure in net_tx_pkt_add_raw_fragment()

 hw/net/net_tx_pkt.c | 5 ++++-
 net/colo-compare.c  | 8 ++------
 2 files changed, 6 insertions(+), 7 deletions(-)




* [PULL 1/2] colo-compare: Remove superfluous NULL-pointer checks for s->iothread
  2020-08-04  6:41 [PULL 0/2] Net patches Jason Wang
@ 2020-08-04  6:41 ` Jason Wang
  2020-08-04  6:41 ` [PULL 2/2] hw/net/net_tx_pkt: fix assertion failure in net_tx_pkt_add_raw_fragment() Jason Wang
  2020-08-04 10:53 ` [PULL 0/2] Net patches Peter Maydell
  2 siblings, 0 replies; 5+ messages in thread
From: Jason Wang @ 2020-08-04  6:41 UTC (permalink / raw)
  To: peter.maydell; +Cc: Jason Wang, Lukas Straub, qemu-devel

From: Lukas Straub <lukasstraub2@web.de>

s->iothread is checked for NULL on object creation in colo_compare_complete,
so it's guaranteed not to be NULL.
This resolves a false alert from Coverity (CID 1429969).

Signed-off-by: Lukas Straub <lukasstraub2@web.de>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Reviewed-by: Zhang Chen <chen.zhang@intel.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 net/colo-compare.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/net/colo-compare.c b/net/colo-compare.c
index cc15f23..2c20de1 100644
--- a/net/colo-compare.c
+++ b/net/colo-compare.c
@@ -1442,9 +1442,7 @@ static void colo_compare_finalize(Object *obj)
         qemu_chr_fe_deinit(&s->chr_notify_dev, false);
     }
 
-    if (s->iothread) {
-        colo_compare_timer_del(s);
-    }
+    colo_compare_timer_del(s);
 
     qemu_bh_delete(s->event_bh);
 
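Review bot: The now-unconditional colo_compare_timer_del(s) in colo_compare_finalize() is only safe if finalize can never run on an object whose colo_compare_complete() did not succeed. The commit message places the NULL check in colo_compare_complete, yet the context just above still closes a conditional block around qemu_chr_fe_deinit(&s->chr_notify_dev, false), which suggests finalize is written to cope with partially set-up state. Please confirm that no error path of colo_compare_complete can reach this call with s->iothread unset, or keep the guard here and address the Coverity report (CID 1429969) another way.
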
@@ -1470,9 +1468,7 @@ static void colo_compare_finalize(Object *obj)
         g_hash_table_destroy(s->connection_track_table);
     }
 
-    if (s->iothread) {
-        object_unref(OBJECT(s->iothread));
-    }
+    object_unref(OBJECT(s->iothread));
 
     g_free(s->pri_indev);
     g_free(s->sec_indev);
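
Review bot: With the guard around object_unref(OBJECT(s->iothread)) removed, the invariant that s->iothread is always set lives only in the commit message. The g_hash_table_destroy(s->connection_track_table) call right above it is still inside a conditional, so a reader of colo_compare_finalize() sees one teardown step guarded and the next one not. A one-line comment above the call stating that colo_compare_complete rejects a NULL iothread would document the asymmetry and keep the check from being reintroduced later.
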
-- 
2.7.4




* [PULL 2/2] hw/net/net_tx_pkt: fix assertion failure in net_tx_pkt_add_raw_fragment()
  2020-08-04  6:41 [PULL 0/2] Net patches Jason Wang
  2020-08-04  6:41 ` [PULL 1/2] colo-compare: Remove superfluous NULL-pointer checks for s->iothread Jason Wang
@ 2020-08-04  6:41 ` Jason Wang
  2020-08-04 10:53 ` [PULL 0/2] Net patches Peter Maydell
  2 siblings, 0 replies; 5+ messages in thread
From: Jason Wang @ 2020-08-04  6:41 UTC (permalink / raw)
  To: peter.maydell; +Cc: Jason Wang, Mauro Matteo Cascella, qemu-devel

From: Mauro Matteo Cascella <mcascell@redhat.com>

An assertion failure issue was found in the code that processes network packets
while adding data fragments into the packet context. It could be abused by a
malicious guest to abort the QEMU process on the host. This patch replaces the
affected assert() with a conditional statement, returning false if the current
data fragment exceeds max_raw_frags.

Reported-by: Alexander Bulekov <alxndr@bu.edu>
Reported-by: Ziming Zhang <ezrakiez@gmail.com>
Reviewed-by: Dmitry Fleytman <dmitry.fleytman@gmail.com>
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 hw/net/net_tx_pkt.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/hw/net/net_tx_pkt.c b/hw/net/net_tx_pkt.c
index 9560e4a..da262ed 100644
--- a/hw/net/net_tx_pkt.c
+++ b/hw/net/net_tx_pkt.c
@@ -379,7 +379,10 @@ bool net_tx_pkt_add_raw_fragment(struct NetTxPkt *pkt, hwaddr pa,
     hwaddr mapped_len = 0;
     struct iovec *ventry;
     assert(pkt);
-    assert(pkt->max_raw_frags > pkt->raw_frags);
+
+    if (pkt->raw_frags >= pkt->max_raw_frags) {
+        return false;
+    }
 
     if (!len) {
         return true;
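
Review bot: The new check `if (pkt->raw_frags >= pkt->max_raw_frags)` returns false with no comment or trace point, so the fix holds only if every caller of net_tx_pkt_add_raw_fragment() tests the bool result and drops the packet; the callers are not part of this diff and should be confirmed. Since the commit message says the condition is reachable by a malicious guest, a short comment marking the fragment count as guest-controlled input would explain why this is a runtime check rather than an assert. Note also that assert(pkt) directly above stays an assert, which is fine only as long as pkt can never be influenced by the guest.
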
-- 
2.7.4




* Re: [PULL 0/2] Net patches
  2020-08-04  6:41 [PULL 0/2] Net patches Jason Wang
  2020-08-04  6:41 ` [PULL 1/2] colo-compare: Remove superfluous NULL-pointer checks for s->iothread Jason Wang
  2020-08-04  6:41 ` [PULL 2/2] hw/net/net_tx_pkt: fix assertion failure in net_tx_pkt_add_raw_fragment() Jason Wang
@ 2020-08-04 10:53 ` Peter Maydell
  2020-08-05  2:43   ` Jason Wang
  2 siblings, 1 reply; 5+ messages in thread
From: Peter Maydell @ 2020-08-04 10:53 UTC (permalink / raw)
  To: Jason Wang; +Cc: QEMU Developers

On Tue, 4 Aug 2020 at 07:41, Jason Wang <jasowang@redhat.com> wrote:
>
> The following changes since commit 5c1c3e4f02e458cf280c677c817ae4fd1ed9bf10:
>
>   Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200803' into staging (2020-08-03 20:34:26 +0100)
>
> are available in the git repository at:
>
>   https://github.com/jasowang/qemu.git tags/net-pull-request
>
> for you to fetch changes up to 035e69b063835a5fd23cacabd63690a3d84532a8:
>
>   hw/net/net_tx_pkt: fix assertion failure in net_tx_pkt_add_raw_fragment() (2020-08-04 14:14:48 +0800)
>
> ----------------------------------------------------------------
>
> ----------------------------------------------------------------
> Lukas Straub (1):
>       colo-compare: Remove superfluous NULL-pointer checks for s->iothread
>
> Mauro Matteo Cascella (1):
>       hw/net/net_tx_pkt: fix assertion failure in net_tx_pkt_add_raw_fragment()

Hi; this pullreq includes a patch where there's mangled UTF-8 in
one of the commit messages: the "colo-compare: Remove superfluous
NULL-pointer checks for s->iothread" patch has a mangled version
of the e-with-acute-accent character in Philippe's surname in his
Reviewed-by: tag.

Since this is the day of rc3 and I think you're at a timezone
offset that would make rerolling the series in time tricky,
I'm going to let this through. But please can you fix your
patch-handling workflow to ensure it doesn't corrupt UTF-8 ?

Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/5.1
for any user-visible changes.

-- PMM



* Re: [PULL 0/2] Net patches
  2020-08-04 10:53 ` [PULL 0/2] Net patches Peter Maydell
@ 2020-08-05  2:43   ` Jason Wang
  0 siblings, 0 replies; 5+ messages in thread
From: Jason Wang @ 2020-08-05  2:43 UTC (permalink / raw)
  To: Peter Maydell; +Cc: QEMU Developers


On 2020/8/4 6:53 PM, Peter Maydell wrote:
> On Tue, 4 Aug 2020 at 07:41, Jason Wang <jasowang@redhat.com> wrote:
>> The following changes since commit 5c1c3e4f02e458cf280c677c817ae4fd1ed9bf10:
>>
>>    Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200803' into staging (2020-08-03 20:34:26 +0100)
>>
>> are available in the git repository at:
>>
>>    https://github.com/jasowang/qemu.git tags/net-pull-request
>>
>> for you to fetch changes up to 035e69b063835a5fd23cacabd63690a3d84532a8:
>>
>>    hw/net/net_tx_pkt: fix assertion failure in net_tx_pkt_add_raw_fragment() (2020-08-04 14:14:48 +0800)
>>
>> ----------------------------------------------------------------
>>
>> ----------------------------------------------------------------
>> Lukas Straub (1):
>>        colo-compare: Remove superfluous NULL-pointer checks for s->iothread
>>
>> Mauro Matteo Cascella (1):
>>        hw/net/net_tx_pkt: fix assertion failure in net_tx_pkt_add_raw_fragment()
> Hi; this pullreq includes a patch where there's mangled UTF-8 in
> one of the commit messages: the "colo-compare: Remove superfluous
> NULL-pointer checks for s->iothread" patch has a mangled version
> of the e-with-acute-accent character in Philippe's surname in his
> Reviewed-by: tag.
>
> Since this is the day of rc3 and I think you're at a timezone
> offset that would make rerolling the series in time tricky,
> I'm going to let this through. But please can you fix your
> patch-handling workflow to ensure it doesn't corrupt UTF-8 ?


My bad, it's time for me to use patchwork probably (or is there a better
tool)?

Thanks


>
> Applied, thanks.
>
> Please update the changelog at https://wiki.qemu.org/ChangeLog/5.1
> for any user-visible changes.
>
> -- PMM
>


