authorStefan Hajnoczi2022-11-11 17:44:07 +0100
committerStefan Hajnoczi2022-11-11 17:44:07 +0100
commit67c6597ad19e07313ea4f845fcda1ad574897242 (patch)
treed8ddd9e6ee782ef41ad2147efd50628d28ea5db9 /hw/net
parentMerge tag 'pull-tcg-20221109' of https://gitlab.com/rth7680/qemu into staging (diff)
parentvirtio-net: fix for heap-buffer-overflow (diff)
Merge tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging
pc,virtio: regression fixes fixes issues from the last pull request: unresolved symbols for targets without acpi typo in a comment in checkpatch virtio buffer overflow Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # -----BEGIN PGP SIGNATURE----- # # iQFDBAABCAAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAmNtZ0gPHG1zdEByZWRo # YXQuY29tAAoJECgfDbjSjVRpc/oIAIYNoZZGbAd9kvePlwO9mDiw8mMILNo2ylnh # RXNUggqmNy/A4Tiu9WFFUwHlT7CWUQAz6gYTyC3eyr7rz87GhjF16EQ+hMOi9wVr # MlgbYyvp+/MBQDdJGbJJVXxL1/wmC4LAQws8S3AVY++dvEegxod7uC2vF8abHUP+ # vvihz+SHqhDFL5TSLITNOWQfIp4KIaNIx2ZugHI7mYKUHS7YwW38QC3dScTQlsV/ # /qr1YhJ9mGFWBq+dFytBwcQjA+NSKN2wQJtEQadGO7cTzcrBenLewoN1VOKcv2+s # jTNAt7Q973HVAQMYWuQB5272S3Xar1ArpUPxm6IwEbYB5Q9OJCg= # =me5Q # -----END PGP SIGNATURE----- # gpg: Signature made Thu 10 Nov 2022 16:04:08 EST # gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469 # gpg: issuer "mst@redhat.com" # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full] # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [full] # Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67 # Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469 * tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu: virtio-net: fix for heap-buffer-overflow display: include dependencies explicitly checkpatch: typo fix Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Diffstat (limited to 'hw/net')
-rw-r--r--hw/net/virtio-net.c18
1 files changed, 16 insertions, 2 deletions
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 8b32339b76..aba12759d5 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -549,7 +549,14 @@ static RxFilterInfo *virtio_net_query_rxfilter(NetClientState *nc)
static void virtio_net_queue_reset(VirtIODevice *vdev, uint32_t queue_index)
{
VirtIONet *n = VIRTIO_NET(vdev);
- NetClientState *nc = qemu_get_subqueue(n->nic, vq2q(queue_index));
+ NetClientState *nc;
+
+ /* validate queue_index and skip for cvq */
+ if (queue_index >= n->max_queue_pairs * 2) {
+ return;
+ }
+
+ nc = qemu_get_subqueue(n->nic, vq2q(queue_index));
if (!nc->peer) {
return;
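Review bot: The new guard in virtio_net_queue_reset() folds two different cases into one silent return: the control virtqueue, which is a legitimate index that has no per-queue NetClientState, and a queue_index that is simply out of range. The comment `/* validate queue_index and skip for cvq */` would help the next reader more if it stated why, for example `/* cvq and out-of-range indexes have no subqueue: vq2q() would index past the NIC's NetClientState array */` (the array layout is not visible in this hunk, so confirm the wording against qemu_get_subqueue()). The identical check and comment are repeated in virtio_net_queue_enable() in the next hunk; a small static helper that tests `queue_index < n->max_queue_pairs * 2` would keep the two callbacks from drifting apart if the bound ever changes. Both function bodies continue outside their hunks.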
@@ -566,9 +573,16 @@ static void virtio_net_queue_reset(VirtIODevice *vdev, uint32_t queue_index)
static void virtio_net_queue_enable(VirtIODevice *vdev, uint32_t queue_index)
{
VirtIONet *n = VIRTIO_NET(vdev);
- NetClientState *nc = qemu_get_subqueue(n->nic, vq2q(queue_index));
+ NetClientState *nc;
int r;
+ /* validate queue_index and skip for cvq */
+ if (queue_index >= n->max_queue_pairs * 2) {
+ return;
+ }
+
+ nc = qemu_get_subqueue(n->nic, vq2q(queue_index));
+
if (!nc->peer || !vdev->vhost_started) {
return;
}