From: Jason Wang <jasowang@redhat.com>
To: "Philippe Mathieu-Daudé" <philmd@redhat.com>,
"Thomas Huth" <thuth@redhat.com>,
qemu-devel@nongnu.org
Cc: Mauro Matteo Cascella <mcascell@redhat.com>,
Dmitry Fleytman <dmitry.fleytman@gmail.com>,
qemu-stable@nongnu.org, Li Qiang <liq3ea@gmail.com>,
Andrew Melnychenko <andrew@daynix.com>,
Prasad J Pandit <ppandit@redhat.com>,
Alexander Bulekov <alxndr@bu.edu>
Subject: Re: [PATCH] hw/net: Discard overly fragmented packets
Date: Wed, 11 Aug 2021 12:08:05 +0800 [thread overview]
Message-ID: <b1ce9a24-0e77-7a15-9532-d3bc7d480492@redhat.com> (raw)
In-Reply-To: <b389e61b-4606-1327-3aa0-b4e056ba8dd3@redhat.com>
在 2021/8/4 上午9:43, Jason Wang 写道:
>
> 在 2021/8/3 下午5:51, Philippe Mathieu-Daudé 写道:
>> On 8/3/21 11:33 AM, Thomas Huth wrote:
>>> On 05/07/2021 10.40, Philippe Mathieu-Daudé wrote:
>>>> Our infrastructure can handle fragmented packets up to
>>>> NET_MAX_FRAG_SG_LIST (64) pieces. This hard limit has
>>>> been proven enough in production for years. If it is
>>>> reached, it is likely an evil crafted packet. Discard it.
>>>>
>>>> Include the qtest reproducer provided by Alexander Bulekov:
>>>>
>>>> $ make check-qtest-i386
>>>> ...
>>>> Running test qtest-i386/fuzz-vmxnet3-test
>>>> qemu-system-i386: net/eth.c:334: void
>>>> eth_setup_ip4_fragmentation(const void *, size_t, void *, size_t,
>>>> size_t, size_t, _Bool):
>>>> Assertion `frag_offset % IP_FRAG_UNIT_SIZE == 0' failed.
>>>>
>>>> Cc: qemu-stable@nongnu.org
>>>> Reported-by: OSS-Fuzz (Issue 35799)
>>>> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/460
>>>> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
>>>> ---
>>>> hw/net/net_tx_pkt.c | 8 ++
>>>> tests/qtest/fuzz-vmxnet3-test.c | 195
>>>> ++++++++++++++++++++++++++++++++
>>>> MAINTAINERS | 1 +
>>>> tests/qtest/meson.build | 1 +
>>>> 4 files changed, 205 insertions(+)
>>>> create mode 100644 tests/qtest/fuzz-vmxnet3-test.c
>>> Reviewed-by: Thomas Huth <thuth@redhat.com>
>>>
>>> Jason, I think this would even still qualify for QEMU v6.1 ?
>> Yes, easy one for 6.1.
>
>
> Yes, this will be included for rc3.
>
> Thanks
For some reasons it misses rc3.
I will include it for 6.2.
Sorry.
>
>
>>
next prev parent reply other threads:[~2021-08-11 4:09 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-05 8:40 [PATCH] hw/net: Discard overly fragmented packets Philippe Mathieu-Daudé
2021-07-06 9:00 ` Mauro Matteo Cascella
2021-07-06 9:09 ` Philippe Mathieu-Daudé
2021-08-03 9:33 ` Thomas Huth
2021-08-03 9:51 ` Philippe Mathieu-Daudé
2021-08-04 1:43 ` Jason Wang
2021-08-11 4:08 ` Jason Wang [this message]
2022-08-05 14:51 ` Thomas Huth
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b1ce9a24-0e77-7a15-9532-d3bc7d480492@redhat.com \
--to=jasowang@redhat.com \
--cc=alxndr@bu.edu \
--cc=andrew@daynix.com \
--cc=dmitry.fleytman@gmail.com \
--cc=liq3ea@gmail.com \
--cc=mcascell@redhat.com \
--cc=philmd@redhat.com \
--cc=ppandit@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-stable@nongnu.org \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.