qemu/hw/net
Vladislav Yasevich fabdcd3392 rtl8139: Fix receive buffer overflow check
rtl8139_do_receive() tries to check for the overflow condition
by making sure that packet_size + 8 does not exceed the
available buffer space.  The issue here is that RxBuffAddr,
used to calculate available buffer space, is aligned to a
a 4 byte boundry after every update.  So it is possible that
every packet ends up being slightly padded when written
to the receive buffer.  This padding is not taken into
account when checking for overflow and we may end up missing
the overflow condition can causing buffer overwrite.

This patch takes alignment into consideration when
checking for overflow condition.

Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com>
Reviewed-by: Jason Wang <jasowang@redhat.com>
Message-id: 1441121206-6997-2-git-send-email-vyasevic@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2015-09-02 13:42:31 +01:00
..
fsl_etsec etsec: Flush queue when rx buffer is consumed 2015-07-27 14:12:18 +01:00
rocker rocker: mark copy-to-cpu pkts as forwarding offloaded 2015-07-07 13:13:22 +01:00
allwinner_emac.c net: remove all cleanup methods from NIC NetClientInfos 2015-01-12 10:16:23 +00:00
cadence_gem.c cadence_gem: Fix Rx buffer size field mask 2015-06-03 16:03:03 +03:00
dp8393x.c net/dp8393x: do not use memory_region_init_rom_device with NULL 2015-07-28 09:30:10 +01:00
e1000_regs.h e1000: improve auto-negotiation reporting via mii-tool 2014-06-23 17:38:00 +03:00
e1000.c e1000: flush packets when link comes up 2015-07-07 13:10:26 +01:00
eepro100.c eepro100: Drop nic_can_receive 2015-07-27 14:12:18 +01:00
etraxfs_eth.c etraxfs_eth: Drop eth_can_receive 2015-07-20 17:47:24 +01:00
lan9118.c lan9118: Drop lan9118_can_receive 2015-07-20 17:47:24 +01:00
lance.c pcnet: Drop pcnet_can_receive 2015-07-27 14:12:18 +01:00
Makefile.objs qmp/hmp: add rocker device support 2015-06-12 13:42:17 +01:00
mcf_fec.c hw/net: handle flow control in mcf_fec driver receiver 2015-07-28 11:27:53 +01:00
milkymist-minimac2.c milkymist-minimac2: Flush queued packets when link comes up 2015-07-27 14:12:18 +01:00
mipsnet.c mipsnet: Flush queued packets when receiving is enabled 2015-07-27 14:12:18 +01:00
ne2000-isa.c net: remove all cleanup methods from NIC NetClientInfos 2015-01-12 10:16:23 +00:00
ne2000.c pci: Trivial device model conversions to realize 2015-02-26 12:42:16 +01:00
ne2000.h ne2000: pass device to ne2000_setup_io, use it as owner 2013-07-04 17:42:46 +02:00
opencores_eth.c net: remove all cleanup methods from NIC NetClientInfos 2015-01-12 10:16:23 +00:00
pcnet-pci.c pcnet: Drop pcnet_can_receive 2015-07-27 14:12:18 +01:00
pcnet.c pcnet: Drop pcnet_can_receive 2015-07-27 14:12:18 +01:00
pcnet.h pcnet: Drop pcnet_can_receive 2015-07-27 14:12:18 +01:00
rtl8139.c rtl8139: Fix receive buffer overflow check 2015-09-02 13:42:31 +01:00
smc91c111.c net: remove all cleanup methods from NIC NetClientInfos 2015-01-12 10:16:23 +00:00
spapr_llan.c spapr: Merge sPAPREnvironment into sPAPRMachineState 2015-07-07 17:44:50 +02:00
stellaris_enet.c stellaris_enet: Flush queued packets when read done 2015-07-27 14:12:18 +01:00
vhost_net.c Revert "vhost-user: add multi queue support" 2015-07-20 14:19:40 +03:00
virtio-net.c virtio-net: remove useless codes 2015-08-13 14:08:29 +03:00
vmware_utils.h exec: Make stb_phys input an AddressSpace 2014-02-11 22:57:38 +10:00
vmxnet3.c net/vmxnet3: Fix incorrect debug message 2015-08-04 09:41:22 +01:00
vmxnet3.h vmxnet3: Eliminate __packed redefined warning 2013-09-06 17:25:55 +02:00
vmxnet_debug.h hw: move target-independent files to subdirectories 2013-04-08 18:13:12 +02:00
vmxnet_rx_pkt.c net/vmxnet3: Refactor 'vmxnet_rx_pkt_attach_data' 2015-07-20 17:39:05 +01:00
vmxnet_rx_pkt.h net/vmxnet3: Refactor 'vmxnet_rx_pkt_attach_data' 2015-07-20 17:39:05 +01:00
vmxnet_tx_pkt.c misc: Use g_assert_not_reached for code which is expected to be unreachable 2013-07-27 11:22:54 +04:00
vmxnet_tx_pkt.h hw: move target-independent files to subdirectories 2013-04-08 18:13:12 +02:00
xen_nic.c xen: Drop net_rx_ok 2015-07-28 11:35:54 +01:00
xgmac.c xgmac: Drop packets with eth_can_rx is false. 2015-07-27 14:12:18 +01:00
xilinx_axienet.c axienet: Flush queued packets when rx is done 2015-07-27 14:12:18 +01:00
xilinx_ethlite.c xilinx_ethlite: Clean up after commit 2f991ad 2015-03-10 08:15:33 +03:00