qemu/hw/net
Jason Wang 415f21c723 virtio-net: correctly copy vnet header when flushing TX
When HASH_REPORT is negotiated, the guest_hdr_len might be larger than
the size of the mergeable rx buffer header. Using
virtio_net_hdr_mrg_rxbuf during the header swap might lead a stack
overflow in this case. Fixing this by using virtio_net_hdr_v1_hash
instead.

Reported-by: Xiao Lei <leixiao.nop@zju.edu.cn>
Cc: Yuri Benditovich <yuri.benditovich@daynix.com>
Cc: qemu-stable@nongnu.org
Cc: Mauro Matteo Cascella <mcascell@redhat.com>
Fixes: CVE-2023-6693
Fixes: e22f0603fb ("virtio-net: reference implementation of hash report")
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit 2220e8189f)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2024-01-26 16:20:07 +03:00
..
can net: Replace TAB indentations with spaces 2022-11-11 09:39:03 +01:00
fsl_etsec net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
rocker net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
allwinner_emac.c net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
allwinner-sun8i-emac.c net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
cadence_gem.c net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
dp8393x.c net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
e1000_regs.h net: Replace TAB indentations with spaces 2022-11-11 09:39:03 +01:00
e1000.c net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
e1000e_core.c e1000e: Fix tx/rx counters 2023-05-23 23:16:42 +03:00
e1000e_core.h e1000e: Fix Lesser GPL version number 2020-11-15 16:45:49 +01:00
e1000e.c net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
e1000x_common.c e1000e: Fix tx/rx counters 2023-05-23 23:16:42 +03:00
e1000x_common.h e1000e: Fix Lesser GPL version number 2020-11-15 16:45:49 +01:00
eepro100.c net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
etraxfs_eth.c net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
ftgmac100.c net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
i82596.c net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
i82596.h hw/net: Make NetCanReceive() return a boolean 2020-03-31 21:14:35 +08:00
imx_fec.c net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
Kconfig hw/net/can: Correct Kconfig dependencies 2020-09-30 19:11:37 +02:00
lan9118.c net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
lance.c Drop more @errp parameters after previous commit 2020-05-15 07:08:14 +02:00
lasi_i82596.c Do not include sysemu/sysemu.h if it's not really necessary 2021-05-02 17:24:50 +02:00
mcf_fec.c net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
meson.build meson: use have_vhost_* variables to pick sources 2022-05-07 07:46:58 +02:00
mipsnet.c net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
msf2-emac.c net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
mv88w8618_eth.c net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
ne2000-isa.c net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
ne2000-pci.c net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
ne2000.c net: Replace TAB indentations with spaces 2022-11-11 09:39:03 +01:00
ne2000.h Include hw/hw.h exactly where needed 2019-08-16 13:31:52 +02:00
net_rx_pkt.c NetRxPkt: fix hash calculation of IPV6 TCP 2020-03-03 18:04:47 +08:00
net_rx_pkt.h NetRxPkt: Introduce support for additional hash types 2020-03-03 18:04:47 +08:00
net_tx_pkt.c hw/net/net_tx_pkt: Fix crash detected by fuzzer 2021-07-19 09:33:39 +02:00
net_tx_pkt.h hw/net: Added plen fix for IPv6 2020-07-21 21:30:39 +08:00
npcm7xx_emc.c net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
opencores_eth.c net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
pcnet-pci.c Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
pcnet.c net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
pcnet.h net: Replace TAB indentations with spaces 2022-11-11 09:39:03 +01:00
rtl8139.c net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
smc91c111.c net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
spapr_llan.c net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
stellaris_enet.c net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
sungem.c net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
sunhme.c net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
trace-events hw/net: e1000e: Clear ICR on read when using non MSI-X interrupts 2022-02-14 11:50:44 +08:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
tulip.c net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
tulip.h Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
vhost_net-stub.c vhost-net: vhost-kernel: introduce vhost_net_virtqueue_restart() 2022-11-07 13:12:20 -05:00
vhost_net.c vhost: enable vrings in vhost_dev_start() for vhost-user devices 2022-12-01 02:30:04 -05:00
virtio-net.c virtio-net: correctly copy vnet header when flushing TX 2024-01-26 16:20:07 +03:00
vmware_utils.h hw/net/vmxnet3: Fix code to work on big endian hosts, too 2017-11-20 11:08:00 +08:00
vmxnet3_defs.h Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
vmxnet3.c net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
vmxnet3.h Replace config-time define HOST_WORDS_BIGENDIAN 2022-04-06 10:50:37 +02:00
vmxnet_debug.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
xen_nic.c net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
xgmac.c net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
xilinx_axienet.c net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00
xilinx_ethlite.c net: Provide MemReentrancyGuard * to qemu_new_nic() 2023-11-29 16:19:39 +03:00