]> xenbits.xensource.com Git - qemu-xen.git/commitdiff
projects / qemu-xen.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8c55254)
rtl8139: switch to use qemu_receive_packet() for loopback
authorAlexander Bulekov <alxndr@bu.edu>
Fri, 26 Feb 2021 18:47:53 +0000 (13:47 -0500)
committerJason Wang <jasowang@redhat.com>
Mon, 15 Mar 2021 08:41:22 +0000 (16:41 +0800)
This patch switches to use qemu_receive_packet() which can detect
reentrancy and return early.

This is intended to address CVE-2021-3416.

Cc: Prasad J Pandit <ppandit@redhat.com>
Cc: qemu-stable@nongnu.org
Buglink: https://bugs.launchpad.net/qemu/+bug/1910826
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Jason Wang <jasowang@redhat.com>
hw/net/rtl8139.c patch | blob | blame | history

diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
index 4675ac878e9d6e5f98281f5626e897de86b595db..90b4fc63ce64e07ab495bb477f5dc83371fc4ce3 100644 (file)
--- a/hw/net/rtl8139.c
+++ b/hw/net/rtl8139.c
@@ -1795,7 +1795,7 @@ static void rtl8139_transfer_frame(RTL8139State *s, uint8_t *buf, int size,
         }
 
         DPRINTF("+++ transmit loopback mode\n");
-        rtl8139_do_receive(qemu_get_queue(s->nic), buf, size, do_interrupt);
+        qemu_receive_packet(qemu_get_queue(s->nic), buf, size);
 
         if (iov) {
             g_free(buf2);
qemu-xen (upstream qemu) tree.