From: Jason Wang <jasowang@redhat.com>
To: peter.maydell@linaro.org
Cc: Jason Wang <jasowang@redhat.com>,
qemu-stable@nongnu.org, qemu-devel@nongnu.org,
Prasad J Pandit <ppandit@redhat.com>
Subject: [PULL V2 05/20] net: introduce qemu_receive_packet()
Date: Mon, 15 Mar 2021 17:14:18 +0800 [thread overview]
Message-ID: <1615799673-31549-6-git-send-email-jasowang@redhat.com> (raw)
In-Reply-To: <1615799673-31549-1-git-send-email-jasowang@redhat.com>
Some NIC supports loopback mode and this is done by calling
nc->info->receive() directly which in fact suppresses the effort of
reentrancy check that is done in qemu_net_queue_send().
Unfortunately we can't use qemu_net_queue_send() here since for
loopback there's no sender as peer, so this patch introduce a
qemu_receive_packet() which is used for implementing loopback mode
for a NIC with this check.
NIC that supports loopback mode will be converted to this helper.
This is intended to address CVE-2021-3416.
Cc: Prasad J Pandit <ppandit@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
include/net/net.h | 5 +++++
include/net/queue.h | 8 ++++++++
net/net.c | 38 +++++++++++++++++++++++++++++++-------
net/queue.c | 22 ++++++++++++++++++++++
4 files changed, 66 insertions(+), 7 deletions(-)
diff --git a/include/net/net.h b/include/net/net.h
index 919faca..4f56cae 100644
--- a/include/net/net.h
+++ b/include/net/net.h
@@ -144,12 +144,17 @@ void *qemu_get_nic_opaque(NetClientState *nc);
void qemu_del_net_client(NetClientState *nc);
typedef void (*qemu_nic_foreach)(NICState *nic, void *opaque);
void qemu_foreach_nic(qemu_nic_foreach func, void *opaque);
+int qemu_can_receive_packet(NetClientState *nc);
int qemu_can_send_packet(NetClientState *nc);
ssize_t qemu_sendv_packet(NetClientState *nc, const struct iovec *iov,
int iovcnt);
ssize_t qemu_sendv_packet_async(NetClientState *nc, const struct iovec *iov,
int iovcnt, NetPacketSent *sent_cb);
ssize_t qemu_send_packet(NetClientState *nc, const uint8_t *buf, int size);
+ssize_t qemu_receive_packet(NetClientState *nc, const uint8_t *buf, int size);
+ssize_t qemu_receive_packet_iov(NetClientState *nc,
+ const struct iovec *iov,
+ int iovcnt);
ssize_t qemu_send_packet_raw(NetClientState *nc, const uint8_t *buf, int size);
ssize_t qemu_send_packet_async(NetClientState *nc, const uint8_t *buf,
int size, NetPacketSent *sent_cb);
diff --git a/include/net/queue.h b/include/net/queue.h
index c0269bb..9f2f289 100644
--- a/include/net/queue.h
+++ b/include/net/queue.h
@@ -55,6 +55,14 @@ void qemu_net_queue_append_iov(NetQueue *queue,
void qemu_del_net_queue(NetQueue *queue);
+ssize_t qemu_net_queue_receive(NetQueue *queue,
+ const uint8_t *data,
+ size_t size);
+
+ssize_t qemu_net_queue_receive_iov(NetQueue *queue,
+ const struct iovec *iov,
+ int iovcnt);
+
ssize_t qemu_net_queue_send(NetQueue *queue,
NetClientState *sender,
unsigned flags,
diff --git a/net/net.c b/net/net.c
index 77b35ea..edf9b95 100644
--- a/net/net.c
+++ b/net/net.c
@@ -529,6 +529,17 @@ int qemu_set_vnet_be(NetClientState *nc, bool is_be)
#endif
}
+int qemu_can_receive_packet(NetClientState *nc)
+{
+ if (nc->receive_disabled) {
+ return 0;
+ } else if (nc->info->can_receive &&
+ !nc->info->can_receive(nc)) {
+ return 0;
+ }
+ return 1;
+}
+
int qemu_can_send_packet(NetClientState *sender)
{
int vm_running = runstate_is_running();
@@ -541,13 +552,7 @@ int qemu_can_send_packet(NetClientState *sender)
return 1;
}
- if (sender->peer->receive_disabled) {
- return 0;
- } else if (sender->peer->info->can_receive &&
- !sender->peer->info->can_receive(sender->peer)) {
- return 0;
- }
- return 1;
+ return qemu_can_receive_packet(sender->peer);
}
static ssize_t filter_receive_iov(NetClientState *nc,
@@ -680,6 +685,25 @@ ssize_t qemu_send_packet(NetClientState *nc, const uint8_t *buf, int size)
return qemu_send_packet_async(nc, buf, size, NULL);
}
+ssize_t qemu_receive_packet(NetClientState *nc, const uint8_t *buf, int size)
+{
+ if (!qemu_can_receive_packet(nc)) {
+ return 0;
+ }
+
+ return qemu_net_queue_receive(nc->incoming_queue, buf, size);
+}
+
+ssize_t qemu_receive_packet_iov(NetClientState *nc, const struct iovec *iov,
+ int iovcnt)
+{
+ if (!qemu_can_receive_packet(nc)) {
+ return 0;
+ }
+
+ return qemu_net_queue_receive_iov(nc->incoming_queue, iov, iovcnt);
+}
+
ssize_t qemu_send_packet_raw(NetClientState *nc, const uint8_t *buf, int size)
{
return qemu_send_packet_async_with_flags(nc, QEMU_NET_PACKET_FLAG_RAW,
diff --git a/net/queue.c b/net/queue.c
index 19e32c8..c872d51 100644
--- a/net/queue.c
+++ b/net/queue.c
@@ -182,6 +182,28 @@ static ssize_t qemu_net_queue_deliver_iov(NetQueue *queue,
return ret;
}
+ssize_t qemu_net_queue_receive(NetQueue *queue,
+ const uint8_t *data,
+ size_t size)
+{
+ if (queue->delivering) {
+ return 0;
+ }
+
+ return qemu_net_queue_deliver(queue, NULL, 0, data, size);
+}
+
+ssize_t qemu_net_queue_receive_iov(NetQueue *queue,
+ const struct iovec *iov,
+ int iovcnt)
+{
+ if (queue->delivering) {
+ return 0;
+ }
+
+ return qemu_net_queue_deliver_iov(queue, NULL, 0, iov, iovcnt);
+}
+
ssize_t qemu_net_queue_send(NetQueue *queue,
NetClientState *sender,
unsigned flags,
--
2.7.4
next prev parent reply other threads:[~2021-03-15 9:19 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-15 9:14 [PULL V2 00/20] Net patches Jason Wang
2021-03-15 9:14 ` [PULL V2 01/20] virtio-net: calculating proper msix vectors on init Jason Wang
2021-03-15 9:14 ` [PULL V2 02/20] net: Fix build error when DEBUG_NET is on Jason Wang
2021-03-15 9:14 ` [PULL V2 03/20] net: validate that ids are well formed Jason Wang
2021-03-15 9:14 ` [PULL V2 04/20] e1000: fail early for evil descriptor Jason Wang
2021-03-15 9:14 ` Jason Wang [this message]
2021-03-15 9:14 ` [PULL V2 06/20] e1000: switch to use qemu_receive_packet() for loopback Jason Wang
2021-03-15 9:14 ` [PULL V2 07/20] dp8393x: switch to use qemu_receive_packet() for loopback packet Jason Wang
2021-03-15 9:14 ` [PULL V2 08/20] msf2-mac: switch to use qemu_receive_packet() for loopback Jason Wang
2021-03-15 9:14 ` [PULL V2 09/20] sungem: " Jason Wang
2021-03-15 9:14 ` [PULL V2 10/20] tx_pkt: switch to use qemu_receive_packet_iov() " Jason Wang
2021-03-15 9:14 ` [PULL V2 11/20] rtl8139: switch to use qemu_receive_packet() " Jason Wang
2021-03-15 9:14 ` [PULL V2 12/20] pcnet: " Jason Wang
2021-03-15 9:14 ` [PULL V2 13/20] cadence_gem: " Jason Wang
2021-03-15 9:14 ` [PULL V2 14/20] lan9118: " Jason Wang
2021-03-15 9:14 ` [PULL V2 15/20] pvrdma: wean code off pvrdma_ring.h kernel header Jason Wang
2021-03-15 9:14 ` [PULL V2 16/20] qapi: net: Add query-netdev command Jason Wang
2021-03-16 21:27 ` Peter Maydell
2021-03-17 4:16 ` Jason Wang
2021-03-16 21:37 ` Peter Maydell
2021-03-17 3:34 ` Jason Wang
2021-03-25 2:36 ` Jason Wang
2021-03-15 9:14 ` [PULL V2 17/20] tests: Add tests for " Jason Wang
2021-03-15 9:14 ` [PULL V2 18/20] net: Move NetClientState.info_str to dynamic allocations Jason Wang
2021-03-15 9:14 ` [PULL V2 19/20] hmp: Use QAPI NetdevInfo in hmp_info_network Jason Wang
2021-03-15 9:14 ` [PULL V2 20/20] net: Do not fill legacy info_str for backends Jason Wang
2021-03-16 12:30 ` [PULL V2 00/20] Net patches Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1615799673-31549-6-git-send-email-jasowang@redhat.com \
--to=jasowang@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=ppandit@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-stable@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.