subject:"\[Qemu\-devel\] \[PATCH V2 2\/4\] vmxnet3\: validate queues configuration coming from quest"

Re: [Qemu-devel] [PATCH V2 2/4] vmxnet3: validate queues configuration coming from quest

2014-04-28 Thread Michael S. Tsirkin

On Fri, Apr 04, 2014 at 12:45:20PM +0300, Dmitry Fleytman wrote:
> CVE-2013-4544
> 
> Signed-off-by: Dmitry Fleytman 
> Reported-by: Michael S. Tsirkin 
> Signed-off-by: Michael S. Tsirkin 


Reviewed-by: Michael S. Tsirkin 

> ---
>  hw/net/vmxnet3.c | 19 ++-
>  1 file changed, 18 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
> index 0b317f8..4fefc7b 100644
> --- a/hw/net/vmxnet3.c
> +++ b/hw/net/vmxnet3.c
> @@ -1336,6 +1336,23 @@ static void vmxnet3_validate_interrupts(VMXNET3State 
> *s)
>  }
>  }
>  
> +static void vmxnet3_validate_queues(VMXNET3State *s)
> +{
> +/*
> +* txq_num and rxq_num are total number of queues
> +* configured by guest. These numbers must not
> +* exceed corresponding maximal values.
> +*/
> +
> +if (s->txq_num > VMXNET3_DEVICE_MAX_TX_QUEUES) {
> +hw_error("Bad TX queues number: %d\n", s->txq_num);
> +}
> +
> +if (s->rxq_num > VMXNET3_DEVICE_MAX_RX_QUEUES) {
> +hw_error("Bad RX queues number: %d\n", s->rxq_num);
> +}
> +}
> +
>  static void vmxnet3_activate_device(VMXNET3State *s)
>  {
>  int i;
> @@ -1382,7 +1399,7 @@ static void vmxnet3_activate_device(VMXNET3State *s)
>  VMXNET3_READ_DRV_SHARED8(s->drv_shmem, devRead.misc.numRxQueues);
>  
>  VMW_CFPRN("Number of TX/RX queues %u/%u", s->txq_num, s->rxq_num);
> -assert(s->txq_num <= VMXNET3_DEVICE_MAX_TX_QUEUES);
> +vmxnet3_validate_queues(s);
>  
>  qdescr_table_pa =
>  VMXNET3_READ_DRV_SHARED64(s->drv_shmem, devRead.misc.queueDescPA);
> -- 
> 1.8.5.3
>

Re: [Qemu-devel] [PATCH V2 2/4] vmxnet3: validate queues configuration coming from quest

2014-04-11 Thread Dr. David Alan Gilbert

* Dmitry Fleytman (dmi...@daynix.com) wrote:
> CVE-2013-4544
> 
> Signed-off-by: Dmitry Fleytman 
> Reported-by: Michael S. Tsirkin 
> Signed-off-by: Michael S. Tsirkin 
> ---

Reviewed-by: Dr. David Alan Gilbert 

>  hw/net/vmxnet3.c | 19 ++-
>  1 file changed, 18 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
> index 0b317f8..4fefc7b 100644
> --- a/hw/net/vmxnet3.c
> +++ b/hw/net/vmxnet3.c
> @@ -1336,6 +1336,23 @@ static void vmxnet3_validate_interrupts(VMXNET3State 
> *s)
>  }
>  }
>  
> +static void vmxnet3_validate_queues(VMXNET3State *s)
> +{
> +/*
> +* txq_num and rxq_num are total number of queues
> +* configured by guest. These numbers must not
> +* exceed corresponding maximal values.
> +*/
> +
> +if (s->txq_num > VMXNET3_DEVICE_MAX_TX_QUEUES) {
> +hw_error("Bad TX queues number: %d\n", s->txq_num);
> +}
> +
> +if (s->rxq_num > VMXNET3_DEVICE_MAX_RX_QUEUES) {
> +hw_error("Bad RX queues number: %d\n", s->rxq_num);
> +}
> +}
> +
>  static void vmxnet3_activate_device(VMXNET3State *s)
>  {
>  int i;
> @@ -1382,7 +1399,7 @@ static void vmxnet3_activate_device(VMXNET3State *s)
>  VMXNET3_READ_DRV_SHARED8(s->drv_shmem, devRead.misc.numRxQueues);
>  
>  VMW_CFPRN("Number of TX/RX queues %u/%u", s->txq_num, s->rxq_num);
> -assert(s->txq_num <= VMXNET3_DEVICE_MAX_TX_QUEUES);
> +vmxnet3_validate_queues(s);
>  
>  qdescr_table_pa =
>  VMXNET3_READ_DRV_SHARED64(s->drv_shmem, devRead.misc.queueDescPA);
> -- 
> 1.8.5.3
> 
> 
--
Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK

[Qemu-devel] [PATCH V2 2/4] vmxnet3: validate queues configuration coming from quest

2014-04-04 Thread Dmitry Fleytman

CVE-2013-4544

Signed-off-by: Dmitry Fleytman 
Reported-by: Michael S. Tsirkin 
Signed-off-by: Michael S. Tsirkin 
---
 hw/net/vmxnet3.c | 19 ++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
index 0b317f8..4fefc7b 100644
--- a/hw/net/vmxnet3.c
+++ b/hw/net/vmxnet3.c
@@ -1336,6 +1336,23 @@ static void vmxnet3_validate_interrupts(VMXNET3State *s)
 }
 }
 
+static void vmxnet3_validate_queues(VMXNET3State *s)
+{
+/*
+* txq_num and rxq_num are total number of queues
+* configured by guest. These numbers must not
+* exceed corresponding maximal values.
+*/
+
+if (s->txq_num > VMXNET3_DEVICE_MAX_TX_QUEUES) {
+hw_error("Bad TX queues number: %d\n", s->txq_num);
+}
+
+if (s->rxq_num > VMXNET3_DEVICE_MAX_RX_QUEUES) {
+hw_error("Bad RX queues number: %d\n", s->rxq_num);
+}
+}
+
 static void vmxnet3_activate_device(VMXNET3State *s)
 {
 int i;
@@ -1382,7 +1399,7 @@ static void vmxnet3_activate_device(VMXNET3State *s)
 VMXNET3_READ_DRV_SHARED8(s->drv_shmem, devRead.misc.numRxQueues);
 
 VMW_CFPRN("Number of TX/RX queues %u/%u", s->txq_num, s->rxq_num);
-assert(s->txq_num <= VMXNET3_DEVICE_MAX_TX_QUEUES);
+vmxnet3_validate_queues(s);
 
 qdescr_table_pa =
 VMXNET3_READ_DRV_SHARED64(s->drv_shmem, devRead.misc.queueDescPA);
-- 
1.8.5.3

Re: [Qemu-devel] [PATCH V2 2/4] vmxnet3: validate queues configuration coming from quest

Re: [Qemu-devel] [PATCH V2 2/4] vmxnet3: validate queues configuration coming from quest

[Qemu-devel] [PATCH V2 2/4] vmxnet3: validate queues configuration coming from quest

3 matches

Site Navigation

Mail list logo

Footer information