From: P J P <ppandit@redhat.com>
To: Stefan Weil <sw@weilnetz.de>
Cc: Peter Maydell <peter.maydell@linaro.org>,
Jason Wang <jasowang@redhat.com>, Li Qiang <liq3ea@gmail.com>,
QEMU Developers <qemu-devel@nongnu.org>,
Alexander Bulekov <alxndr@bu.edu>,
Ruhr-University Bochum <bugs-syssec@rub.de>
Subject: Re: [PATCH] net: eepro100: validate various address values
Date: Fri, 19 Feb 2021 14:56:11 +0530 (IST) [thread overview]
Message-ID: <n62s8q1-4ns8-pq39-7r2o-p483n3555o1p@erqung.pbz> (raw)
In-Reply-To: <43340d92-55da-61f2-5ad1-c8e3d6679f6d@weilnetz.de>
[-- Attachment #1: Type: text/plain, Size: 1624 bytes --]
Hello Stefan,
+-- On Fri, 19 Feb 2021, Stefan Weil wrote --+
| If there are no recursions in normal use, the following patch should work:
|
| diff --git a/hw/net/eepro100.c b/hw/net/eepro100.c
| index 16e95ef9cc..2474cf3dc2 100644
| --- a/hw/net/eepro100.c
| +++ b/hw/net/eepro100.c
| @@ -279,6 +279,9 @@ typedef struct {
| /* Quasi static device properties (no need to save them). */
| uint16_t stats_size;
| bool has_extended_tcb_support;
| +
| + /* Flag to avoid recursions. */
| + bool busy;
| } EEPRO100State;
|
| /* Word indices in EEPROM. */
| @@ -837,6 +840,14 @@ static void action_command(EEPRO100State *s)
| Therefore we limit the number of iterations. */
| unsigned max_loop_count = 16;
|
| + if (s->busy) {
| + /* Prevent recursions. */
| + logout("recursion in %s:%u\n", __FILE__, __LINE__);
| + return;
| + }
| +
| + s->busy = true;
| +
| for (;;) {
| bool bit_el;
| bool bit_s;
| @@ -933,6 +944,7 @@ static void action_command(EEPRO100State *s)
| }
| TRACE(OTHER, logout("CU list empty\n"));
| /* List is empty. Now CU is idle or suspended. */
| + s->busy = false;
| }
|
| static void eepro100_cu_command(EEPRO100State * s, uint8_t val)
Please see:
-> https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Feepro100_stackoverflow1
* It does not seem to address above case.
Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
next prev parent reply other threads:[~2021-02-19 9:27 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-18 14:06 [PATCH] net: eepro100: validate various address values P J P
2021-02-18 14:18 ` no-reply
2021-02-18 14:41 ` Peter Maydell
2021-02-18 16:10 ` Stefan Weil
2021-02-19 1:54 ` Alexander Bulekov
2021-02-19 2:06 ` Li Qiang
2021-02-19 2:14 ` Alexander Bulekov
2021-02-19 4:43 ` Li Qiang
2021-02-20 3:05 ` Alexander Bulekov
2021-02-19 6:11 ` P J P
2021-02-19 8:08 ` Stefan Weil
2021-02-19 8:26 ` Stefan Weil
2021-02-19 9:26 ` P J P [this message]
2021-02-19 9:52 ` Stefan Weil
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=n62s8q1-4ns8-pq39-7r2o-p483n3555o1p@erqung.pbz \
--to=ppandit@redhat.com \
--cc=alxndr@bu.edu \
--cc=bugs-syssec@rub.de \
--cc=jasowang@redhat.com \
--cc=liq3ea@gmail.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=sw@weilnetz.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).