* [Qemu-devel] [PATCH] e1000: Discard oversized packets based on SBP|LPE
[not found] <20121205121317.GC6887@stefanha-thinkpad.redhat.com>
@ 2012-12-05 18:31 ` Michael Contreras
2012-12-18 13:44 ` Stefan Hajnoczi
0 siblings, 1 reply; 7+ messages in thread
From: Michael Contreras @ 2012-12-05 18:31 UTC (permalink / raw)
To: qemu-devel
Cc: Michael Contreras, Stefan Hajnoczi, Andreas Faerber, Anthony Liguori
Discard packets longer than 16384 when !SBP to match the hardware behavior.
Signed-off-by: Michael Contreras <michael@inetric.com>
---
hw/e1000.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/hw/e1000.c b/hw/e1000.c
index 5537ad2..e772c8e 100644
--- a/hw/e1000.c
+++ b/hw/e1000.c
@@ -61,6 +61,8 @@ static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL);
/* this is the size past which hardware will drop packets when setting LPE=0 */
#define MAXIMUM_ETHERNET_VLAN_SIZE 1522
+/* this is the size past which hardware will drop packets when setting LPE=1 */
+#define MAXIMUM_ETHERNET_LPE_SIZE 16384
/*
* HW models:
@@ -809,8 +811,9 @@ e1000_receive(NetClientState *nc, const uint8_t *buf, size_t size)
}
/* Discard oversized packets if !LPE and !SBP. */
- if (size > MAXIMUM_ETHERNET_VLAN_SIZE
- && !(s->mac_reg[RCTL] & E1000_RCTL_LPE)
+ if ((size > MAXIMUM_ETHERNET_LPE_SIZE ||
+ (size > MAXIMUM_ETHERNET_VLAN_SIZE
+ && !(s->mac_reg[RCTL] & E1000_RCTL_LPE)))
&& !(s->mac_reg[RCTL] & E1000_RCTL_SBP)) {
return size;
}
--
1.8.0.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [Qemu-devel] [PATCH] e1000: Discard oversized packets based on SBP|LPE
2012-12-05 18:31 ` [Qemu-devel] [PATCH] e1000: Discard oversized packets based on SBP|LPE Michael Contreras
@ 2012-12-18 13:44 ` Stefan Hajnoczi
2012-12-18 16:20 ` Michael Tokarev
0 siblings, 1 reply; 7+ messages in thread
From: Stefan Hajnoczi @ 2012-12-18 13:44 UTC (permalink / raw)
To: Michael Contreras; +Cc: qemu-devel, Anthony Liguori, Andreas Faerber
On Wed, Dec 05, 2012 at 01:31:30PM -0500, Michael Contreras wrote:
> Discard packets longer than 16384 when !SBP to match the hardware behavior.
>
> Signed-off-by: Michael Contreras <michael@inetric.com>
> ---
> hw/e1000.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
Thanks, applied to the net tree:
https://github.com/stefanha/qemu/commits/net
Stefan
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Qemu-devel] [PATCH] e1000: Discard oversized packets based on SBP|LPE
2012-12-18 13:44 ` Stefan Hajnoczi
@ 2012-12-18 16:20 ` Michael Tokarev
2012-12-18 16:49 ` Stefan Hajnoczi
0 siblings, 1 reply; 7+ messages in thread
From: Michael Tokarev @ 2012-12-18 16:20 UTC (permalink / raw)
To: Stefan Hajnoczi
Cc: Michael Contreras, qemu-devel, Anthony Liguori, Andreas Faerber
On 18.12.2012 17:44, Stefan Hajnoczi wrote:
> On Wed, Dec 05, 2012 at 01:31:30PM -0500, Michael Contreras wrote:
>> Discard packets longer than 16384 when !SBP to match the hardware behavior.
>>
>> Signed-off-by: Michael Contreras <michael@inetric.com>
>> ---
>> hw/e1000.c | 7 +++++--
>> 1 file changed, 5 insertions(+), 2 deletions(-)
It looks like another very good candidate for -stable (up to quite some
releases of qemu ago), together with the previous similar patch.
Isn't it quite a bit security-sensitive too?
Thanks,
/mjt
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Qemu-devel] [PATCH] e1000: Discard oversized packets based on SBP|LPE
2012-12-18 16:20 ` Michael Tokarev
@ 2012-12-18 16:49 ` Stefan Hajnoczi
2012-12-18 17:34 ` Michael Contreras
0 siblings, 1 reply; 7+ messages in thread
From: Stefan Hajnoczi @ 2012-12-18 16:49 UTC (permalink / raw)
To: Michael Tokarev
Cc: Stefan Hajnoczi, Michael Contreras, qemu-stable, qemu-devel,
Anthony Liguori, Andreas Faerber
On Tue, Dec 18, 2012 at 5:20 PM, Michael Tokarev <mjt@tls.msk.ru> wrote:
> On 18.12.2012 17:44, Stefan Hajnoczi wrote:
>> On Wed, Dec 05, 2012 at 01:31:30PM -0500, Michael Contreras wrote:
>>> Discard packets longer than 16384 when !SBP to match the hardware behavior.
>>>
>>> Signed-off-by: Michael Contreras <michael@inetric.com>
>>> ---
>>> hw/e1000.c | 7 +++++--
>>> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> It looks like another very good candidate for -stable (up to quite some
> releases of qemu ago), together with the previous similar patch.
Yes, it's good for -stable.
Stefan
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Qemu-devel] [PATCH] e1000: Discard oversized packets based on SBP|LPE
2012-12-18 16:49 ` Stefan Hajnoczi
@ 2012-12-18 17:34 ` Michael Contreras
2012-12-19 11:42 ` Stefan Hajnoczi
2012-12-30 8:29 ` Michael Tokarev
0 siblings, 2 replies; 7+ messages in thread
From: Michael Contreras @ 2012-12-18 17:34 UTC (permalink / raw)
To: Stefan Hajnoczi
Cc: Stefan Hajnoczi, michael, kangli, Michael Tokarev, qemu-devel,
Anthony Liguori, Andreas Faerber
On Tue, Dec 18, 2012 at 05:49:16PM +0100, Stefan Hajnoczi wrote:
> On Tue, Dec 18, 2012 at 5:20 PM, Michael Tokarev <mjt@tls.msk.ru> wrote:
> > On 18.12.2012 17:44, Stefan Hajnoczi wrote:
> >> On Wed, Dec 05, 2012 at 01:31:30PM -0500, Michael Contreras wrote:
> >>> Discard packets longer than 16384 when !SBP to match the hardware behavior.
> >>>
> >>> Signed-off-by: Michael Contreras <michael@inetric.com>
> >>> ---
> >>> hw/e1000.c | 7 +++++--
> >>> 1 file changed, 5 insertions(+), 2 deletions(-)
> >
> > It looks like another very good candidate for -stable (up to quite some
> > releases of qemu ago), together with the previous similar patch.
>
> Yes, it's good for -stable.
>
> Stefan
Thanks guys. Any update on the CVE number? Seems the KVM qemu git tree
still has this vulnerability. Xen has the fix in their qemu unstable
git mirror, but hasn't applied it yet either.
Michael
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Qemu-devel] [PATCH] e1000: Discard oversized packets based on SBP|LPE
2012-12-18 17:34 ` Michael Contreras
@ 2012-12-19 11:42 ` Stefan Hajnoczi
2012-12-30 8:29 ` Michael Tokarev
1 sibling, 0 replies; 7+ messages in thread
From: Stefan Hajnoczi @ 2012-12-19 11:42 UTC (permalink / raw)
To: Michael Contreras
Cc: Stefan Hajnoczi, kangli, Michael Tokarev, qemu-devel,
Anthony Liguori, Andreas Faerber
On Tue, Dec 18, 2012 at 12:34:22PM -0500, Michael Contreras wrote:
> On Tue, Dec 18, 2012 at 05:49:16PM +0100, Stefan Hajnoczi wrote:
> > On Tue, Dec 18, 2012 at 5:20 PM, Michael Tokarev <mjt@tls.msk.ru> wrote:
> > > On 18.12.2012 17:44, Stefan Hajnoczi wrote:
> > >> On Wed, Dec 05, 2012 at 01:31:30PM -0500, Michael Contreras wrote:
> > >>> Discard packets longer than 16384 when !SBP to match the hardware behavior.
> > >>>
> > >>> Signed-off-by: Michael Contreras <michael@inetric.com>
> > >>> ---
> > >>> hw/e1000.c | 7 +++++--
> > >>> 1 file changed, 5 insertions(+), 2 deletions(-)
> > >
> > > It looks like another very good candidate for -stable (up to quite some
> > > releases of qemu ago), together with the previous similar patch.
> >
> > Yes, it's good for -stable.
> >
> > Stefan
>
> Thanks guys. Any update on the CVE number? Seems the KVM qemu git tree
> still has this vulnerability. Xen has the fix in their qemu unstable
> git mirror, but hasn't applied it yet either.
Your original LPE patch went into QEMU 1.3. qemu-kvm.git is no longer
relevant - it has been merged back into qemu.git and has therefore not
been updated since October 11. Use qemu.git.
Perhaps others can provide info on the CVE and Xen.
Stefan
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Qemu-devel] [PATCH] e1000: Discard oversized packets based on SBP|LPE
2012-12-18 17:34 ` Michael Contreras
2012-12-19 11:42 ` Stefan Hajnoczi
@ 2012-12-30 8:29 ` Michael Tokarev
1 sibling, 0 replies; 7+ messages in thread
From: Michael Tokarev @ 2012-12-30 8:29 UTC (permalink / raw)
To: Michael Contreras
Cc: Stefan Hajnoczi, kangli, Andreas Faerber, Anthony Liguori, qemu-devel
18.12.2012 21:34, Michael Contreras пишет:
> On Tue, Dec 18, 2012 at 05:49:16PM +0100, Stefan Hajnoczi wrote:
>> On Tue, Dec 18, 2012 at 5:20 PM, Michael Tokarev <mjt@tls.msk.ru> wrote:
>>> On 18.12.2012 17:44, Stefan Hajnoczi wrote:
>>>> On Wed, Dec 05, 2012 at 01:31:30PM -0500, Michael Contreras wrote:
>>>>> Discard packets longer than 16384 when !SBP to match the hardware behavior.
>>>>>
>>>>> Signed-off-by: Michael Contreras <michael@inetric.com>
>>>>> ---
>>>>> hw/e1000.c | 7 +++++--
>>>>> 1 file changed, 5 insertions(+), 2 deletions(-)
>>>
>>> It looks like another very good candidate for -stable (up to quite some
>>> releases of qemu ago), together with the previous similar patch.
>>
>> Yes, it's good for -stable.
>>
>> Stefan
>
> Thanks guys. Any update on the CVE number? Seems the KVM qemu git tree
> still has this vulnerability. Xen has the fix in their qemu unstable
> git mirror, but hasn't applied it yet either.
This issue has been assigned CVE-2012-6075.
qemu-kvm does not exist anymore, it is just an internal development
tree for qemu, sort of like a subsystem tree - there will be no
more qemu-kvm releases.
So we care only about qemu (main, older versions, incl. 0.12 and 0.15,
are also affected), old qemu-kvm, and xen. CC'ing afaerber for 0.15.
Thank you!
/mjt
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2012-12-30 8:29 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <20121205121317.GC6887@stefanha-thinkpad.redhat.com>
2012-12-05 18:31 ` [Qemu-devel] [PATCH] e1000: Discard oversized packets based on SBP|LPE Michael Contreras
2012-12-18 13:44 ` Stefan Hajnoczi
2012-12-18 16:20 ` Michael Tokarev
2012-12-18 16:49 ` Stefan Hajnoczi
2012-12-18 17:34 ` Michael Contreras
2012-12-19 11:42 ` Stefan Hajnoczi
2012-12-30 8:29 ` Michael Tokarev
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.