qemu/net
Ani Sinha 3d12598b74 vhost-vdpa: do not cleanup the vdpa/vhost-net structures if peer nic is present

When a peer nic is still attached to the vdpa backend, it is too early to free
up the vhost-net and vdpa structures. If these structures are freed here, then
QEMU crashes when the guest is being shut down. The following call chain
would result in an assertion failure since the pointer returned from
vhost_vdpa_get_vhost_net() would be NULL:

do_vm_stop() -> vm_state_notify() -> virtio_set_status() ->
virtio_net_vhost_status() -> get_vhost_net().

Therefore, we defer freeing up the structures until at guest shutdown
time when qemu_cleanup() calls net_cleanup() which then calls
qemu_del_net_client() which would eventually call vhost_vdpa_cleanup()
again to free up the structures. This time, the loop in net_cleanup()
ensures that vhost_vdpa_cleanup() will be called one last time when
all the peer nics are detached and freed.

All unit tests pass with this change.

CC: imammedo@redhat.com
CC: jusual@redhat.com
CC: mst@redhat.com
Fixes: CVE-2023-3301
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2128929
Signed-off-by: Ani Sinha <anisinha@redhat.com>
Message-Id: <20230619065209.442185-1-anisinha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit a0d7215e33)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: context change for stable-7.2)
2023-06-26 19:35:39 +03:00
can util/log: Remove qemu_log_flush 2022-04-20 10:51:11 -07:00
announce.c include: move C/util-related declarations to cutils.h 2022-04-06 14:31:43 +02:00
checksum.c net/checksum: Remove unused variable in net_checksum_add_iov 2021-07-26 07:06:58 -10:00
clients.h qapi: net: add stream and dgram netdevs 2022-10-28 13:28:52 +08:00
colo-compare.c net/colo: Fix a "double free" crash to clear the conn_list 2022-07-20 16:58:08 +08:00
colo-compare.h Add the function of colo_compare_cleanup 2021-06-11 10:30:13 +08:00
colo.c net/colo.c: Fix the pointer issue reported by Coverity. 2022-09-02 10:22:39 +08:00
colo.h net/colo.c: Fix the pointer issue reported by Coverity. 2022-09-02 10:22:39 +08:00
dgram.c net: dgram: add unix socket 2022-10-28 13:28:52 +08:00
dump.c rtc: Move RTC function prototypes to their own header 2022-01-28 14:29:46 +00:00
eth.c net/eth: Don't consider ESP to be an IPv6 option header 2022-02-14 11:50:44 +08:00
filter-buffer.c netfilter: Use class properties 2020-12-15 10:02:07 -05:00
filter-mirror.c net/filter: Optimize filter_send to coroutine 2022-02-14 11:50:44 +08:00
filter-replay.c hw: Do not include qemu/log.h if it is not necessary 2021-05-02 17:24:50 +02:00
filter-rewriter.c net/colo: Fix a "double free" crash to clear the conn_list 2022-07-20 16:58:08 +08:00
filter.c netfilter: Use class properties 2020-12-15 10:02:07 -05:00
hub.c qapi: net: add stream and dgram netdevs 2022-10-28 13:28:52 +08:00
hub.h net: Remove deprecated [hub_id name] tuple of 'hostfwd_add' / 'hostfwd_remove' 2020-03-09 18:44:04 +00:00
l2tpv3.c net: introduce qemu_set_info_str() function 2022-10-28 13:28:52 +08:00
meson.build qapi: net: add stream and dgram netdevs 2022-10-28 13:28:52 +08:00
net.c qapi: net: add stream and dgram netdevs 2022-10-28 13:28:52 +08:00
netmap.c Do not include sysemu/sysemu.h if it's not really necessary 2021-05-02 17:24:50 +02:00
queue.c net: introduce qemu_receive_packet() 2021-03-15 16:41:22 +08:00
slirp.c net: introduce qemu_set_info_str() function 2022-10-28 13:28:52 +08:00
socket.c Add G_GNUC_PRINTF to function qemu_set_info_str and fix related issues 2022-11-27 13:36:17 -05:00
stream.c Add G_GNUC_PRINTF to function qemu_set_info_str and fix related issues 2022-11-27 13:36:17 -05:00
tap_int.h net: Added SetSteeringEBPF method for NetClientState. 2021-06-04 15:25:46 +08:00
tap-bsd.c Replace fcntl(O_NONBLOCK) with g_unix_set_fd_nonblocking() 2022-05-03 15:47:38 +04:00
tap-linux.c Replace fcntl(O_NONBLOCK) with g_unix_set_fd_nonblocking() 2022-05-03 15:47:38 +04:00
tap-linux.h net: Replace TAB indentations with spaces 2022-11-11 09:39:03 +01:00
tap-solaris.c Replace fcntl(O_NONBLOCK) with g_unix_set_fd_nonblocking() 2022-05-03 15:47:38 +04:00
tap-stub.c net: Added SetSteeringEBPF method for NetClientState. 2021-06-04 15:25:46 +08:00
tap-win32.c net: introduce qemu_set_info_str() function 2022-10-28 13:28:52 +08:00
tap.c net: introduce qemu_set_info_str() function 2022-10-28 13:28:52 +08:00
trace-events net/colo.c: Fix the pointer issue reported by Coverity. 2022-09-02 10:22:39 +08:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
util.c net: Clean up includes 2016-02-04 17:41:30 +00:00
util.h Replace config-time define HOST_WORDS_BIGENDIAN 2022-04-06 10:50:37 +02:00
vde.c net: introduce qemu_set_info_str() function 2022-10-28 13:28:52 +08:00
vhost-user-stub.c vhost-net-user: add stubs for when no virtio-net device is present 2019-02-21 12:28:01 -05:00
vhost-user.c net: introduce qemu_set_info_str() function 2022-10-28 13:28:52 +08:00
vhost-vdpa-stub.c vhost-net-vdpa: add stubs for when no virtio-net device is present 2022-07-20 16:58:08 +08:00
vhost-vdpa.c vhost-vdpa: do not cleanup the vdpa/vhost-net structures if peer nic is present 2023-06-26 19:35:39 +03:00
vmnet_int.h net/vmnet: implement shared mode (vmnet-shared) 2022-05-17 16:48:23 +08:00
vmnet-bridged.m net/vmnet: implement bridged mode (vmnet-bridged) 2022-05-17 16:48:23 +08:00
vmnet-common.m net/vmnet: implement shared mode (vmnet-shared) 2022-05-17 16:48:23 +08:00
vmnet-host.c net/vmnet: implement host mode (vmnet-host) 2022-05-17 16:48:23 +08:00
vmnet-shared.c net/vmnet: implement shared mode (vmnet-shared) 2022-05-17 16:48:23 +08:00