]> xenbits.xensource.com Git - qemu-xen.git/commit
projects / qemu-xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1ce084a) | patch
e1000: fix tx re-entrancy problem
authorJon Maloy <jmaloy@redhat.com>
Thu, 21 Oct 2021 16:10:47 +0000 (12:10 -0400)
committerMichael Roth <michael.roth@amd.com>
Tue, 14 Dec 2021 23:40:06 +0000 (17:40 -0600)
commit43583f0c079b084ada9214c00125e21bbfc6266a
treede1754b1e7c1d3358317b48272226646fc5e4176tree
parent1ce084af083b6958c8287ea742a008a105bc960dcommit | diff
e1000: fix tx re-entrancy problem

The fact that the MMIO handler is not re-entrant causes an infinite
loop under certain conditions:

Guest write to TDT ->  Loopback -> RX (DMA to TDT) -> TX

We now eliminate the effect of this problem locally in e1000, by adding
a boolean in struct E1000State indicating when the TX side is busy. This
will cause any entering new call to return early instead of interfering
with the ongoing work, and eliminates any risk of looping.

This is intended to address CVE-2021-20257.

Signed-off-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit 25ddb946e6301f42cff3094ea1c25fb78813e7e9)
Signed-off-by: Michael Roth <michael.roth@amd.com>
hw/net/e1000.c diff | blob | blame | history
qemu-xen (upstream qemu) tree.