qemu/hw/net
Jon Maloy 25ddb946e6 e1000: fix tx re-entrancy problem
The fact that the MMIO handler is not re-entrant causes an infinite
loop under certain conditions:

Guest write to TDT -> Loopback -> RX (DMA to TDT) -> TX

We now eliminate the effect of this problem locally in e1000, by adding
a boolean in struct E1000State indicating when the TX side is busy. This
will cause any entering new call to return early instead of interfering
with the ongoing work, and eliminates any risk of looping.

This is intended to address CVE-2021-20257.

Signed-off-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2021-11-05 11:31:42 +08:00
can hw/net/can: sja1000 fix buff2frame_bas and buff2frame_pel when dlc is out of std CAN 8 bytes 2021-08-02 12:19:18 +08:00
fsl_etsec hw/net: fsl_etsec: Tx padding length should exclude CRC 2021-03-31 11:10:50 +11:00
rocker net/rocker: use GDateTime for formatting timestamp in debug messages 2021-07-14 14:15:52 +01:00
allwinner_emac.c hw/net: Make NetCanReceive() return a boolean 2020-03-31 21:14:35 +08:00
allwinner-sun8i-emac.c hw/net/allwinner-sun8i-emac: traverse transmit queue using TX_CUR_DESC register value 2021-03-12 12:40:10 +00:00
cadence_gem.c cadence_gem: switch to use qemu_receive_packet() for loopback 2021-03-15 16:41:22 +08:00
dp8393x.c dp8393x: don't force 32-bit register access 2021-07-11 22:29:54 +02:00
e1000_regs.h
e1000.c e1000: fix tx re-entrancy problem 2021-11-05 11:31:42 +08:00
e1000e_core.c hw/net: e1000e: Don't zero out the VLAN tag in the legacy RX descriptor 2021-08-02 12:19:18 +08:00
e1000e_core.h e1000e: Fix Lesser GPL version number 2020-11-15 16:45:49 +01:00
e1000e.c hw/net: e1000e: Correct the initial value of VET register 2021-08-02 12:19:18 +08:00
e1000x_common.c e1000e: Fix Lesser GPL version number 2020-11-15 16:45:49 +01:00
e1000x_common.h e1000e: Fix Lesser GPL version number 2020-11-15 16:45:49 +01:00
eepro100.c Drop more @errp parameters after previous commit 2020-05-15 07:08:14 +02:00
etraxfs_eth.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
ftgmac100.c net: checksum: Introduce fine control over checksum type 2021-01-25 17:04:56 +08:00
i82596.c Do not include sysemu/sysemu.h if it's not really necessary 2021-05-02 17:24:50 +02:00
i82596.h hw/net: Make NetCanReceive() return a boolean 2020-03-31 21:14:35 +08:00
imx_fec.c hw/net/imx_fec: return 0xffff when accessing non-existing PHY 2021-05-27 11:03:07 +08:00
Kconfig hw/net/can: Correct Kconfig dependencies 2020-09-30 19:11:37 +02:00
lan9118.c lan9118: switch to use qemu_receive_packet() for loopback 2021-03-15 16:41:22 +08:00
lance.c Drop more @errp parameters after previous commit 2020-05-15 07:08:14 +02:00
lasi_i82596.c Do not include sysemu/sysemu.h if it's not really necessary 2021-05-02 17:24:50 +02:00
mcf_fec.c mcf_fec: Move mcf_fec_state typedef to header 2020-08-27 14:04:54 -04:00
meson.build Drop the deprecated lm32 target 2021-05-12 18:20:25 +02:00
mipsnet.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
msf2-emac.c Do not include exec/address-spaces.h if it's not really necessary 2021-05-02 17:24:51 +02:00
ne2000-isa.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
ne2000-pci.c Drop more @errp parameters after previous commit 2020-05-15 07:08:14 +02:00
ne2000.c
ne2000.h
net_rx_pkt.c NetRxPkt: fix hash calculation of IPV6 TCP 2020-03-03 18:04:47 +08:00
net_rx_pkt.h NetRxPkt: Introduce support for additional hash types 2020-03-03 18:04:47 +08:00
net_tx_pkt.c hw/net/net_tx_pkt: Fix crash detected by fuzzer 2021-07-19 09:33:39 +02:00
net_tx_pkt.h hw/net: Added plen fix for IPv6 2020-07-21 21:30:39 +08:00
npcm7xx_emc.c net/npcm7xx_emc.c: Fix handling of receiving packets when RSDR not set 2021-03-30 14:05:33 +01:00
opencores_eth.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
pcnet-pci.c Remove superfluous timer_del() calls 2021-01-08 15:13:38 +00:00
pcnet.c pcnet: switch to use qemu_receive_packet() for loopback 2021-03-15 16:41:22 +08:00
pcnet.h lance: replace PROP_PTR with PROP_LINK 2020-01-07 17:24:29 +04:00
rtl8139.c rtl8139: switch to use qemu_receive_packet() for loopback 2021-03-15 16:41:22 +08:00
smc91c111.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
spapr_llan.c Do not include cpu.h if it's not really necessary 2021-05-02 17:24:51 +02:00
stellaris_enet.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
sungem.c sungem: switch to use qemu_receive_packet() for loopback 2021-03-15 16:41:22 +08:00
sunhme.c Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
trace-events dp8393x: convert to trace-events 2021-07-02 17:35:08 +02:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
tulip.c tulip: Move TulipState typedef to header 2020-08-27 14:04:54 -04:00
tulip.h Use OBJECT_DECLARE_SIMPLE_TYPE when possible 2020-09-18 14:12:32 -04:00
vhost_net-stub.c vhost-net: control virtqueue support 2021-10-20 04:44:05 -04:00
vhost_net.c virtio-net: vhost control virtqueue support 2021-10-20 04:44:05 -04:00
virtio-net.c virtio-net: vhost control virtqueue support 2021-10-20 04:44:05 -04:00
vmware_utils.h
vmxnet3_defs.h Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00
vmxnet3.c hw/net/vmxnet3: Do not abort QEMU if guest specified bad queue numbers 2021-08-02 12:19:18 +08:00
vmxnet3.h
vmxnet_debug.h
xen_nic.c Revert "net: Move NetClientState.info_str to dynamic allocations" 2021-04-08 17:33:59 +08:00
xgmac.c hw: Do not include qemu/log.h if it is not necessary 2021-05-02 17:24:50 +02:00
xilinx_axienet.c hw/net/xilinx_axienet: Rename StreamSlave as StreamSink 2020-12-10 12:15:04 -05:00
xilinx_ethlite.c Use DECLARE_*CHECKER* macros 2020-09-09 09:27:09 -04:00