mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
qemu/hw
History
Jason Wang 415f21c723 virtio-net: correctly copy vnet header when flushing TX 
When HASH_REPORT is negotiated, the guest_hdr_len might be larger than
the size of the mergeable rx buffer header. Using
virtio_net_hdr_mrg_rxbuf during the header swap might lead a stack
overflow in this case. Fixing this by using virtio_net_hdr_v1_hash
instead.

Reported-by: Xiao Lei <leixiao.nop@zju.edu.cn>
Cc: Yuri Benditovich <yuri.benditovich@daynix.com>
Cc: qemu-stable@nongnu.org
Cc: Mauro Matteo Cascella <mcascell@redhat.com>
Fixes: CVE-2023-6693
Fixes: e22f0603fb2f ("virtio-net: reference implementation of hash report")
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit 2220e8189fb94068dbad333228659fbac819abb0)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2024-01-26 16:20:07 +03:00
..
9pfs
hw: replace most qemu_bh_new calls with qemu_bh_new_guarded
2023-09-11 10:53:50 +03:00
acpi
hw/acpi/erst: Do not ignore Error* in realize handler
2023-12-20 19:11:10 +03:00
adc
hw/adc: Make adci[*] R/W in NPCM7XX ADC
2022-07-18 13:20:14 +01:00
alpha
hw: Remove unused MAX_IDE_BUS define
2022-10-31 11:32:07 +01:00
arm
hw/arm/smmu: Handle big-endian hosts correctly
2023-07-31 09:12:06 +03:00
audio
hw/audio/hda-codec: fix multiplication overflow
2023-12-20 19:11:10 +03:00
avr
block
hw/pflash: implement update buffer for block writes
2024-01-20 17:41:47 +03:00
char
hw/char/riscv_htif: Fix printing of console characters on big endian hosts
2023-09-13 12:21:22 +03:00
core
machine: Add helpers to get cores/threads per socket
2023-09-11 10:53:50 +03:00
cpu
cris
cxl
hw/cxl: Fix CFMW config memory leak
2023-09-25 23:43:49 +03:00
display
ati-vga: Implement fallback for pixman routines
2023-11-07 20:23:38 +03:00
dma
hw/dma/xilinx_axidma: Check DMASR.HALTED to prevent infinite loop.
2023-05-31 09:43:56 +03:00
gpio
hw/gpio/meson: Introduce dedicated config switch for hw/gpio/mpc8xxx
2022-10-17 16:15:09 -03:00
hppa
target/hppa: Provide qemu version via fw_cfg to firmware
2023-06-26 19:35:29 +03:00
hyperv
hw/hyperv/hyperv.c: Use device_cold_reset() instead of device_legacy_reset()
2022-10-27 10:27:23 +01:00
i2c
hw/i2c/aspeed: Fix TXBUF transmission start position error
2023-09-11 10:53:51 +03:00
i386
amd_iommu: Fix APIC address check
2023-10-21 14:05:14 +03:00
ide
hw/ide/ahci: fix legacy software reset
2023-11-22 14:25:06 +03:00
input
lasips2: LASI PS/2 devices are not user-createable
2023-10-21 14:05:14 +03:00
intc
hw/intc/arm_gicv3_cpuif: handle LPIs in in the list registers
2024-01-11 20:59:59 +03:00
ipack
ipmi
ipmi:smbus: Add a check around a memcpy
2022-08-01 06:40:50 -05:00
isa
acpi: x86: move RPQx field back to _SB scope
2022-11-22 05:19:00 -05:00
loongarch
Revert "hw/loongarch/virt: Add cfi01 pflash device"
2022-12-05 11:24:35 -05:00
m68k
m68k/q800: do not re-randomize RNG seed on snapshot load
2022-10-27 11:34:31 +01:00
mem
hw/mem/cxl-type3: Add CXL CDAT Data Object Exchange
2022-11-07 13:12:19 -05:00
microblaze
hw/microblaze: pass random seed to fdt
2022-09-21 19:59:56 +02:00
mips
hw/mips/malta: Fix the malta machine on big endian hosts
2023-12-20 19:11:10 +03:00
misc
hw/misc/mps2-scc: Free MPS2SCC::oscclk[] array on finalize()
2023-12-20 19:11:10 +03:00
net
virtio-net: correctly copy vnet header when flushing TX
2024-01-26 16:20:07 +03:00
nios2
hw/nios2: set machine->fdt in nios2_load_dtb()
2022-10-17 16:15:10 -03:00
nubus
nvme
hw/nvme: fix CRC64 for guard tag
2023-09-11 10:53:50 +03:00
nvram
hw/nvram/xlnx-efuse-ctrl: Free XlnxVersalEFuseCtrl[] "pg0-lock" array
2023-12-20 19:11:10 +03:00
openrisc
openrisc: re-randomize rng-seed on reboot
2022-10-27 11:34:31 +01:00
pci
msix: unset PCIDevice::msix_vector_poll_notifier in rollback
2023-12-20 19:11:10 +03:00
pci-bridge
hw/pci-bridge/cxl-upstream: Add a CDAT table access DOE
2022-11-07 13:12:19 -05:00
pci-host
raven: disable reentrancy detection for iomem
2023-09-11 10:53:50 +03:00
pcmcia
ppc
hw/ppc: Always store the decrementer value
2023-09-25 23:43:49 +03:00
rdma
hw/pvrdma: Protect against buggy or malicious guest driver
2023-10-21 14:05:14 +03:00
remote
hw/remote: Fix vfu_cfg trace offset format
2023-06-11 11:02:28 +03:00
riscv
hw/riscv: virt: Fix riscv,pmu DT node path
2023-09-13 12:21:22 +03:00
rtc
goldfish_rtc: Add big-endian property
2022-09-04 07:02:56 +01:00
rx
rx: re-randomize rng-seed on reboot
2022-10-27 11:34:31 +01:00
s390x
s390x/ap: fix missing subsystem reset registration
2023-09-13 21:57:05 +03:00
scsi
hw/scsi/esp-pci: set DMA_STAT_BCMBLT when BLAST command issued
2024-01-20 18:31:36 +03:00
sd
hw/sd/sdhci: Block Size Register bits [14:12] is lost
2023-10-24 09:12:49 +03:00
sensor
hw/sensor: Add Renesas ISL69259 device model
2022-07-14 16:24:38 +02:00
sh4
smbios
hw/smbios: Fix core count in type4
2023-09-11 10:53:50 +03:00
sparc
sparc64
hw: Remove unused MAX_IDE_BUS define
2022-10-31 11:32:07 +01:00
ssi
aspeed/smc: Cache AspeedSMCClass
2022-10-24 11:20:15 +02:00
timer
hw/timer/nrf51_timer: Don't lose time when timer is queried in tight loop
2023-06-22 10:38:38 +03:00
tpm
hw/tpm: TIS on sysbus: Remove unsupport ppi command line option
2023-09-13 12:21:22 +03:00
tricore
usb
net: Provide MemReentrancyGuard * to qemu_new_nic()
2023-11-29 16:19:39 +03:00
vfio
vfio/pci: Disable INTx in vfio_realize error path
2023-08-05 08:39:54 +03:00
virtio
hw/virtio: Add VirtioPCIDeviceTypeInfo::instance_finalize field
2023-12-20 19:11:10 +03:00
watchdog
watchdog: remove -watchdog option
2022-09-29 11:40:28 +02:00
xen
xen/pt: reserve PCI slot 2 for Intel igd-passthru
2023-05-18 21:09:59 +03:00
xenpv
xtensa
Kconfig
meson.build