Revision tags: v8.1.1, v7.2.6, v8.0.5 |
|
#
1728593a |
| 04-Sep-2023 |
Philippe Mathieu-Daudé <philmd@linaro.org> |
net/eth: Clean up local variable shadowing
Fix:
net/eth.c:435:20: error: declaration shadows a local variable [-Werror,-Wshadow] size_t input_size = iov_size(pkt, pkt_frags);
net/eth: Clean up local variable shadowing
Fix:
net/eth.c:435:20: error: declaration shadows a local variable [-Werror,-Wshadow] size_t input_size = iov_size(pkt, pkt_frags); ^ net/eth.c:413:16: note: previous declaration is here size_t input_size = iov_size(pkt, pkt_frags); ^
Suggested-by: Akihiko Odaki <akihiko.odaki@daynix.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-ID: <20230904161235.84651-16-philmd@linaro.org> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
show more ...
|
Revision tags: v8.1.1, v7.2.6, v8.0.5 |
|
#
1728593a |
| 04-Sep-2023 |
Philippe Mathieu-Daudé <philmd@linaro.org> |
net/eth: Clean up local variable shadowing
Fix:
net/eth.c:435:20: error: declaration shadows a local variable [-Werror,-Wshadow] size_t input_size = iov_size(pkt, pkt_frags);
net/eth: Clean up local variable shadowing
Fix:
net/eth.c:435:20: error: declaration shadows a local variable [-Werror,-Wshadow] size_t input_size = iov_size(pkt, pkt_frags); ^ net/eth.c:413:16: note: previous declaration is here size_t input_size = iov_size(pkt, pkt_frags); ^
Suggested-by: Akihiko Odaki <akihiko.odaki@daynix.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-ID: <20230904161235.84651-16-philmd@linaro.org> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
show more ...
|
Revision tags: v8.1.1, v7.2.6, v8.0.5 |
|
#
1728593a |
| 04-Sep-2023 |
Philippe Mathieu-Daudé <philmd@linaro.org> |
net/eth: Clean up local variable shadowing
Fix:
net/eth.c:435:20: error: declaration shadows a local variable [-Werror,-Wshadow] size_t input_size = iov_size(pkt, pkt_frags);
net/eth: Clean up local variable shadowing
Fix:
net/eth.c:435:20: error: declaration shadows a local variable [-Werror,-Wshadow] size_t input_size = iov_size(pkt, pkt_frags); ^ net/eth.c:413:16: note: previous declaration is here size_t input_size = iov_size(pkt, pkt_frags); ^
Suggested-by: Akihiko Odaki <akihiko.odaki@daynix.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-ID: <20230904161235.84651-16-philmd@linaro.org> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
show more ...
|
Revision tags: v8.1.1, v7.2.6, v8.0.5 |
|
#
1728593a |
| 04-Sep-2023 |
Philippe Mathieu-Daudé <philmd@linaro.org> |
net/eth: Clean up local variable shadowing
Fix:
net/eth.c:435:20: error: declaration shadows a local variable [-Werror,-Wshadow] size_t input_size = iov_size(pkt, pkt_frags);
net/eth: Clean up local variable shadowing
Fix:
net/eth.c:435:20: error: declaration shadows a local variable [-Werror,-Wshadow] size_t input_size = iov_size(pkt, pkt_frags); ^ net/eth.c:413:16: note: previous declaration is here size_t input_size = iov_size(pkt, pkt_frags); ^
Suggested-by: Akihiko Odaki <akihiko.odaki@daynix.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-ID: <20230904161235.84651-16-philmd@linaro.org> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
show more ...
|
Revision tags: v8.1.0, v8.1.0-rc4, v8.1.0-rc3, v7.2.5, v8.0.4, v8.1.0-rc2, v8.1.0-rc1, v8.1.0-rc0, v8.0.3, v7.2.4, v8.0.2, v8.0.1, v7.2.3 |
|
#
7e64a9ca |
| 23-May-2023 |
Akihiko Odaki <akihiko.odaki@daynix.com> |
igb: Strip the second VLAN tag for extended VLAN
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
|
#
907209e3 |
| 23-May-2023 |
Akihiko Odaki <akihiko.odaki@daynix.com> |
igb: Implement Rx SCTP CSO
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Reviewed-by: Sriram Yagnaraman <sriram.yagnaraman@est.tech> Signed-off-by: Jason Wang <jasowang@redhat.com>
|
#
aaa8a15c |
| 23-May-2023 |
Akihiko Odaki <akihiko.odaki@daynix.com> |
net/eth: Always add VLAN tag
It is possible to have another VLAN tag even if the packet is already tagged.
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Signed-off-by: Jason Wang <jasowan
net/eth: Always add VLAN tag
It is possible to have another VLAN tag even if the packet is already tagged.
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
show more ...
|
#
85427bf3 |
| 23-May-2023 |
Akihiko Odaki <akihiko.odaki@daynix.com> |
net/eth: Use void pointers
The uses of uint8_t pointers were misleading as they are never accessed as an array of octets and it even require more strict alignment to access as struct eth_header.
Si
net/eth: Use void pointers
The uses of uint8_t pointers were misleading as they are never accessed as an array of octets and it even require more strict alignment to access as struct eth_header.
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Jason Wang <jasowang@redhat.com>
show more ...
|
#
0b117830 |
| 23-May-2023 |
Akihiko Odaki <akihiko.odaki@daynix.com> |
net/eth: Rename eth_setup_vlan_headers_ex
The old eth_setup_vlan_headers has no user so remove it and rename eth_setup_vlan_headers_ex.
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Revie
net/eth: Rename eth_setup_vlan_headers_ex
The old eth_setup_vlan_headers has no user so remove it and rename eth_setup_vlan_headers_ex.
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Jason Wang <jasowang@redhat.com>
show more ...
|
#
2f0fa232 |
| 23-May-2023 |
Akihiko Odaki <akihiko.odaki@daynix.com> |
net/net_rx_pkt: Use iovec for net_rx_pkt_set_protocols()
igb does not properly ensure the buffer passed to net_rx_pkt_set_protocols() is contiguous for the entire L2/L3/L4 header. Allow it to pass s
net/net_rx_pkt: Use iovec for net_rx_pkt_set_protocols()
igb does not properly ensure the buffer passed to net_rx_pkt_set_protocols() is contiguous for the entire L2/L3/L4 header. Allow it to pass scattered data to net_rx_pkt_set_protocols().
Fixes: 3a977deebe ("Intrdocue igb device emulation") Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Reviewed-by: Sriram Yagnaraman <sriram.yagnaraman@est.tech> Signed-off-by: Jason Wang <jasowang@redhat.com>
show more ...
|
Revision tags: v7.2.2, v8.0.0, v8.0.0-rc4, v8.0.0-rc3, v7.2.1, v8.0.0-rc2, v8.0.0-rc1, v8.0.0-rc0 |
|
#
65f474bb |
| 23-Feb-2023 |
Akihiko Odaki <akihiko.odaki@daynix.com> |
net/eth: Introduce EthL4HdrProto
igb, a new network device emulation, will need SCTP checksum offloading. Currently eth_get_protocols() has a bool parameter for each protocol currently it supports,
net/eth: Introduce EthL4HdrProto
igb, a new network device emulation, will need SCTP checksum offloading. Currently eth_get_protocols() has a bool parameter for each protocol currently it supports, but there will be a bit too many parameters if we add yet another protocol.
Introduce an enum type, EthL4HdrProto to represent all L4 protocols eth_get_protocols() support with one parameter.
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
show more ...
|
#
69ff5ef8 |
| 23-Feb-2023 |
Akihiko Odaki <akihiko.odaki@daynix.com> |
net/eth: Report if headers are actually present
The values returned by eth_get_protocols() are used to perform RSS, checksumming and segmentation. Even when a packet signals the use of the protocols
net/eth: Report if headers are actually present
The values returned by eth_get_protocols() are used to perform RSS, checksumming and segmentation. Even when a packet signals the use of the protocols which these operations can be applied to, the headers for them may not be present because of too short packet or fragmentation, for example. In such a case, the operations cannot be applied safely.
Report the presence of headers instead of whether the use of the protocols are indicated with eth_get_protocols(). This also makes corresponding changes to the callers of eth_get_protocols() to match with its new signature and to remove redundant checks for fragmentation.
Fixes: 75020a7021 ("Common definitions for VMWARE devices") Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
show more ...
|
#
02ef5fdc |
| 23-Feb-2023 |
Akihiko Odaki <akihiko.odaki@daynix.com> |
hw/net/net_tx_pkt: Implement TCP segmentation
There was no proper implementation of TCP segmentation before this change, and net_tx_pkt relied solely on IPv4 fragmentation. Not only this is not alig
hw/net/net_tx_pkt: Implement TCP segmentation
There was no proper implementation of TCP segmentation before this change, and net_tx_pkt relied solely on IPv4 fragmentation. Not only this is not aligned with the specification, but it also resulted in corrupted IPv6 packets.
This is particularly problematic for the igb, a new proposed device implementation; igb provides loopback feature for VMDq and the feature relies on software segmentation.
Implement proper TCP segmentation in net_tx_pkt to fix such a scenario.
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
show more ...
|
Revision tags: v7.2.2, v8.0.0, v8.0.0-rc4, v8.0.0-rc3, v7.2.1, v8.0.0-rc2, v8.0.0-rc1, v8.0.0-rc0 |
|
#
65f474bb |
| 23-Feb-2023 |
Akihiko Odaki <akihiko.odaki@daynix.com> |
net/eth: Introduce EthL4HdrProto
igb, a new network device emulation, will need SCTP checksum offloading. Currently eth_get_protocols() has a bool parameter for each protocol currently it supports,
net/eth: Introduce EthL4HdrProto
igb, a new network device emulation, will need SCTP checksum offloading. Currently eth_get_protocols() has a bool parameter for each protocol currently it supports, but there will be a bit too many parameters if we add yet another protocol.
Introduce an enum type, EthL4HdrProto to represent all L4 protocols eth_get_protocols() support with one parameter.
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
show more ...
|
#
69ff5ef8 |
| 23-Feb-2023 |
Akihiko Odaki <akihiko.odaki@daynix.com> |
net/eth: Report if headers are actually present
The values returned by eth_get_protocols() are used to perform RSS, checksumming and segmentation. Even when a packet signals the use of the protocols
net/eth: Report if headers are actually present
The values returned by eth_get_protocols() are used to perform RSS, checksumming and segmentation. Even when a packet signals the use of the protocols which these operations can be applied to, the headers for them may not be present because of too short packet or fragmentation, for example. In such a case, the operations cannot be applied safely.
Report the presence of headers instead of whether the use of the protocols are indicated with eth_get_protocols(). This also makes corresponding changes to the callers of eth_get_protocols() to match with its new signature and to remove redundant checks for fragmentation.
Fixes: 75020a7021 ("Common definitions for VMWARE devices") Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
show more ...
|
#
02ef5fdc |
| 23-Feb-2023 |
Akihiko Odaki <akihiko.odaki@daynix.com> |
hw/net/net_tx_pkt: Implement TCP segmentation
There was no proper implementation of TCP segmentation before this change, and net_tx_pkt relied solely on IPv4 fragmentation. Not only this is not alig
hw/net/net_tx_pkt: Implement TCP segmentation
There was no proper implementation of TCP segmentation before this change, and net_tx_pkt relied solely on IPv4 fragmentation. Not only this is not aligned with the specification, but it also resulted in corrupted IPv6 packets.
This is particularly problematic for the igb, a new proposed device implementation; igb provides loopback feature for VMDq and the feature relies on software segmentation.
Implement proper TCP segmentation in net_tx_pkt to fix such a scenario.
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
show more ...
|
Revision tags: v7.2.2, v8.0.0, v8.0.0-rc4, v8.0.0-rc3, v7.2.1, v8.0.0-rc2, v8.0.0-rc1, v8.0.0-rc0 |
|
#
65f474bb |
| 23-Feb-2023 |
Akihiko Odaki <akihiko.odaki@daynix.com> |
net/eth: Introduce EthL4HdrProto
igb, a new network device emulation, will need SCTP checksum offloading. Currently eth_get_protocols() has a bool parameter for each protocol currently it supports,
net/eth: Introduce EthL4HdrProto
igb, a new network device emulation, will need SCTP checksum offloading. Currently eth_get_protocols() has a bool parameter for each protocol currently it supports, but there will be a bit too many parameters if we add yet another protocol.
Introduce an enum type, EthL4HdrProto to represent all L4 protocols eth_get_protocols() support with one parameter.
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
show more ...
|
#
69ff5ef8 |
| 23-Feb-2023 |
Akihiko Odaki <akihiko.odaki@daynix.com> |
net/eth: Report if headers are actually present
The values returned by eth_get_protocols() are used to perform RSS, checksumming and segmentation. Even when a packet signals the use of the protocols
net/eth: Report if headers are actually present
The values returned by eth_get_protocols() are used to perform RSS, checksumming and segmentation. Even when a packet signals the use of the protocols which these operations can be applied to, the headers for them may not be present because of too short packet or fragmentation, for example. In such a case, the operations cannot be applied safely.
Report the presence of headers instead of whether the use of the protocols are indicated with eth_get_protocols(). This also makes corresponding changes to the callers of eth_get_protocols() to match with its new signature and to remove redundant checks for fragmentation.
Fixes: 75020a7021 ("Common definitions for VMWARE devices") Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
show more ...
|
#
02ef5fdc |
| 23-Feb-2023 |
Akihiko Odaki <akihiko.odaki@daynix.com> |
hw/net/net_tx_pkt: Implement TCP segmentation
There was no proper implementation of TCP segmentation before this change, and net_tx_pkt relied solely on IPv4 fragmentation. Not only this is not alig
hw/net/net_tx_pkt: Implement TCP segmentation
There was no proper implementation of TCP segmentation before this change, and net_tx_pkt relied solely on IPv4 fragmentation. Not only this is not aligned with the specification, but it also resulted in corrupted IPv6 packets.
This is particularly problematic for the igb, a new proposed device implementation; igb provides loopback feature for VMDq and the feature relies on software segmentation.
Implement proper TCP segmentation in net_tx_pkt to fix such a scenario.
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
show more ...
|
Revision tags: v7.2.0, v7.2.0-rc4, v7.2.0-rc3, v7.2.0-rc2, v7.2.0-rc1, v7.2.0-rc0, v7.1.0, v7.1.0-rc4, v7.1.0-rc3, v7.1.0-rc2, v7.1.0-rc1, v7.1.0-rc0, v7.0.0, v7.0.0-rc4, v7.0.0-rc3, v7.0.0-rc2, v7.0.0-rc1, v7.0.0-rc0 |
|
#
9d6267b2 |
| 12-Feb-2022 |
Thomas Jansen <mithi@mithi.net> |
net/eth: Don't consider ESP to be an IPv6 option header
The IPv6 option headers all have in common that they start with some common fields, in particular the type of the next header followed by the
net/eth: Don't consider ESP to be an IPv6 option header
The IPv6 option headers all have in common that they start with some common fields, in particular the type of the next header followed by the extention header length. This is used to traverse the list of the options. The ESP header does not follow that format, which can break the IPv6 option header traversal code in eth_parse_ipv6_hdr().
The effect of that is that network interfaces such as vmxnet3 that use the following call chain eth_is_ip6_extension_header_type eth_parse_ipv6_hdr net_tx_pkt_parse_headers net_tx_pkt_parse vmxnet3_process_tx_queue to send packets from the VM out to the host will drop packets of the following structure: Ethernet-Header(IPv6-Header(ESP(encrypted data)))
Note that not all types of network interfaces use the net_tx_pkt_parse function though, leading to inconsistent behavior regarding sending those packets. The e1000 network interface for example does not suffer from this limitation.
By not considering ESP to be an IPv6 header we can allow sending those packets out to the host on all types of network interfaces.
Fixes: 75020a702151 ("Common definitions for VMWARE devices") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/149 Buglink: https://bugs.launchpad.net/qemu/+bug/1758091 Signed-off-by: Thomas Jansen <mithi@mithi.net> Signed-off-by: Jason Wang <jasowang@redhat.com>
show more ...
|
Revision tags: v6.1.1, v6.2.0, v6.2.0-rc4, v6.2.0-rc3, v6.2.0-rc2, v6.2.0-rc1, v6.2.0-rc0, v6.0.1, v6.1.0, v6.1.0-rc4, v6.1.0-rc3, v6.1.0-rc2, v6.1.0-rc1, v6.1.0-rc0, v6.0.0, v6.0.0-rc5, v6.0.0-rc4, v6.0.0-rc3, v6.0.0-rc2, v6.0.0-rc1, v6.0.0-rc0 |
|
#
c7274b5e |
| 10-Mar-2021 |
Philippe Mathieu-Daudé <philmd@redhat.com> |
net/eth: Add an assert() and invert if() statement to simplify code
To simplify the function body, invert the if() statement, returning earlier. Since we already checked there is enough data in the
net/eth: Add an assert() and invert if() statement to simplify code
To simplify the function body, invert the if() statement, returning earlier. Since we already checked there is enough data in the iovec buffer, simply add an assert() call to consume the bytes_read variable.
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> Reviewed-by: Miroslav Rezanina <mrezanin@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
show more ...
|
#
7d6a4f12 |
| 10-Mar-2021 |
Philippe Mathieu-Daudé <philmd@redhat.com> |
net/eth: Read ip6_ext_hdr_routing buffer before accessing it
We can't know the caller read enough data in the memory pointed by ext_hdr to cast it as a ip6_ext_hdr_routing. Declare rt_hdr on the sta
net/eth: Read ip6_ext_hdr_routing buffer before accessing it
We can't know the caller read enough data in the memory pointed by ext_hdr to cast it as a ip6_ext_hdr_routing. Declare rt_hdr on the stack and fill it again from the iovec.
Since we already checked there is enough data in the iovec buffer, simply add an assert() call to consume the bytes_read variable.
This fix a 2 bytes buffer overrun in eth_parse_ipv6_hdr() reported by QEMU fuzzer:
$ cat << EOF | ./qemu-system-i386 -M pc-q35-5.0 \ -accel qtest -monitor none \ -serial none -nographic -qtest stdio outl 0xcf8 0x80001010 outl 0xcfc 0xe1020000 outl 0xcf8 0x80001004 outw 0xcfc 0x7 write 0x25 0x1 0x86 write 0x26 0x1 0xdd write 0x4f 0x1 0x2b write 0xe1020030 0x4 0x190002e1 write 0xe102003a 0x2 0x0807 write 0xe1020048 0x4 0x12077cdd write 0xe1020400 0x4 0xba077cdd write 0xe1020420 0x4 0x190002e1 write 0xe1020428 0x4 0x3509d807 write 0xe1020438 0x1 0xe2 EOF ================================================================= ==2859770==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffdef904902 at pc 0x561ceefa78de bp 0x7ffdef904820 sp 0x7ffdef904818 READ of size 1 at 0x7ffdef904902 thread T0 #0 0x561ceefa78dd in _eth_get_rss_ex_dst_addr net/eth.c:410:17 #1 0x561ceefa41fb in eth_parse_ipv6_hdr net/eth.c:532:17 #2 0x561cef7de639 in net_tx_pkt_parse_headers hw/net/net_tx_pkt.c:228:14 #3 0x561cef7dbef4 in net_tx_pkt_parse hw/net/net_tx_pkt.c:273:9 #4 0x561ceec29f22 in e1000e_process_tx_desc hw/net/e1000e_core.c:730:29 #5 0x561ceec28eac in e1000e_start_xmit hw/net/e1000e_core.c:927:9 #6 0x561ceec1baab in e1000e_set_tdt hw/net/e1000e_core.c:2444:9 #7 0x561ceebf300e in e1000e_core_write hw/net/e1000e_core.c:3256:9 #8 0x561cef3cd4cd in e1000e_mmio_write hw/net/e1000e.c:110:5
Address 0x7ffdef904902 is located in stack of thread T0 at offset 34 in frame #0 0x561ceefa320f in eth_parse_ipv6_hdr net/eth.c:486
This frame has 1 object(s): [32, 34) 'ext_hdr' (line 487) <== Memory access at offset 34 overflows this variable HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-buffer-overflow net/eth.c:410:17 in _eth_get_rss_ex_dst_addr Shadow bytes around the buggy address: 0x10003df188d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10003df188e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10003df188f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10003df18900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10003df18910: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 =>0x10003df18920:[02]f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 0x10003df18930: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10003df18940: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10003df18950: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10003df18960: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10003df18970: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Stack left redzone: f1 Stack right redzone: f3 ==2859770==ABORTING
Add the corresponding qtest case with the fuzzer reproducer.
FWIW GCC 11 similarly reported:
net/eth.c: In function 'eth_parse_ipv6_hdr': net/eth.c:410:15: error: array subscript 'struct ip6_ext_hdr_routing[0]' is partly outside array bounds of 'struct ip6_ext_hdr[1]' [-Werror=array-bounds] 410 | if ((rthdr->rtype == 2) && (rthdr->segleft == 1)) { | ~~~~~^~~~~~~ net/eth.c:485:24: note: while referencing 'ext_hdr' 485 | struct ip6_ext_hdr ext_hdr; | ^~~~~~~ net/eth.c:410:38: error: array subscript 'struct ip6_ext_hdr_routing[0]' is partly outside array bounds of 'struct ip6_ext_hdr[1]' [-Werror=array-bounds] 410 | if ((rthdr->rtype == 2) && (rthdr->segleft == 1)) { | ~~~~~^~~~~~~~~ net/eth.c:485:24: note: while referencing 'ext_hdr' 485 | struct ip6_ext_hdr ext_hdr; | ^~~~~~~
Cc: qemu-stable@nongnu.org Buglink: https://bugs.launchpad.net/qemu/+bug/1879531 Reported-by: Alexander Bulekov <alxndr@bu.edu> Reported-by: Miroslav Rezanina <mrezanin@redhat.com> Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> Reviewed-by: Miroslav Rezanina <mrezanin@redhat.com> Fixes: eb700029c78 ("net_pkt: Extend packet abstraction as required by e1000e functionality") Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
show more ...
|
#
ef763586 |
| 10-Mar-2021 |
Philippe Mathieu-Daudé <philmd@redhat.com> |
net/eth: Check iovec has enough data earlier
We want to check fields from ip6_ext_hdr_routing structure and if correct read the full in6_address. Let's directly check if our iovec contains enough da
net/eth: Check iovec has enough data earlier
We want to check fields from ip6_ext_hdr_routing structure and if correct read the full in6_address. Let's directly check if our iovec contains enough data for everything, else return early.
Suggested-by: Stefano Garzarella <sgarzare@redhat.com> Reviewed-by: Miroslav Rezanina <mrezanin@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
show more ...
|
#
6f10f77d |
| 10-Mar-2021 |
Philippe Mathieu-Daudé <philmd@redhat.com> |
net/eth: Check size earlier in _eth_get_rss_ex_dst_addr()
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> Reviewed-by: Miroslav Rezanina <mrezanin@redhat.com> Signed-off-by: Philippe Mathieu-D
net/eth: Check size earlier in _eth_get_rss_ex_dst_addr()
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> Reviewed-by: Miroslav Rezanina <mrezanin@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
show more ...
|
#
dbd8d3f9 |
| 10-Mar-2021 |
Philippe Mathieu-Daudé <philmd@redhat.com> |
net/eth: Better describe _eth_get_rss_ex_dst_addr's offset argument
The 'offset' argument represents the offset to the ip6_ext_hdr header, rename it as 'ext_hdr_offset'.
Reviewed-by: Stefano Garzar
net/eth: Better describe _eth_get_rss_ex_dst_addr's offset argument
The 'offset' argument represents the offset to the ip6_ext_hdr header, rename it as 'ext_hdr_offset'.
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> Reviewed-by: Miroslav Rezanina <mrezanin@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
show more ...
|