bwlp/qemu.git - Experimental fork of QEMU with video encoding patches

	Commit message (Collapse)	Author	Age	Files	Lines
*	hw/net/net_tx_pkt: fix assertion failure in net_tx_pkt_add_raw_fragment()	Mauro Matteo Cascella	2020-08-04	1	-1/+4
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	An assertion failure issue was found in the code that processes network packets while adding data fragments into the packet context. It could be abused by a malicious guest to abort the QEMU process on the host. This patch replaces the affected assert() with a conditional statement, returning false if the current data fragment exceeds max_raw_frags. Reported-by: Alexander Bulekov <alxndr@bu.edu> Reported-by: Ziming Zhang <ezrakiez@gmail.com> Reviewed-by: Dmitry Fleytman <dmitry.fleytman@gmail.com> Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
*	hw/net: Added plen fix for IPv6	Andrew	2020-07-21	1	-0/+23
\| \| \| \| \| \| \| \| \| \| \|	Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1708065 With network backend with 'virtual header' - there was an issue in 'plen' field. Overall, during TSO, 'plen' would be changed, but with 'vheader' this field should be set to the size of the payload itself instead of '0'. Signed-off-by: Andrew Melnychenko <andrew@daynix.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
*	hw/net: Added CSO for IPv6	Andrew	2020-07-15	1	-3/+12
\| \| \| \| \| \| \| \| \|	Added fix for checksum offload for IPv6 if a backend doesn't have a virtual header. This patch is a part of IPv6 fragmentation. Signed-off-by: Andrew Melnychenko <andrew@daynix.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
*	net: fix misaligned member access	Marc-André Lureau	2018-03-02	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Fixes the following ASAN warnings: /home/elmarco/src/qemu/hw/net/net_tx_pkt.c:201:27: runtime error: member access within misaligned address 0x631000028846 for type 'struct ip_header', which requires 4 byte alignment 0x631000028846: note: pointer points here 01 00 00 00 45 00 01 a9 01 00 00 00 40 11 78 45 00 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 ^ /home/elmarco/src/qemu/hw/net/net_tx_pkt.c:208:63: runtime error: member access within misaligned address 0x631000028846 for type 'struct ip_header', which requires 4 byte alignment 0x631000028846: note: pointer points here 01 00 00 00 45 00 01 a9 01 00 00 00 40 11 78 45 00 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 ^ /home/elmarco/src/qemu/hw/net/net_tx_pkt.c:210:13: runtime error: member access within misaligned address 0x631000028846 for type 'struct ip_header', which requires 4 byte alignment 0x631000028846: note: pointer points here 01 00 00 00 45 00 01 a9 01 00 00 00 40 11 78 45 00 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20180209190340.19516-1-marcandre.lureau@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
*	net: Transmit zero UDP checksum as 0xFFFF	Ed Swierk	2017-11-20	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	The checksum algorithm used by IPv4, TCP and UDP allows a zero value to be represented by either 0x0000 and 0xFFFF. But per RFC 768, a zero UDP checksum must be transmitted as 0xFFFF because 0x0000 is a special value meaning no checksum. Substitute 0xFFFF whenever a checksum is computed as zero when modifying a UDP datagram header. Doing this on IPv4 and TCP checksums is unnecessary but legal. Add a wrapper for net_checksum_finish() that makes the substitution. (We can't just change net_checksum_finish(), as that function is also used by receivers to verify checksums, and in that case the expected value is always 0x0000.) Signed-off-by: Ed Swierk <eswierk@skyportsystems.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
*	net: vmxnet: use g_new for pkt initialisation	Li Qiang	2016-08-18	1	-3/+2
\| \| \| \| \| \| \| \| \| \| \| \|	When network transport abstraction layer initialises pkt, the maximum fragmentation count is not checked. This could lead to an integer overflow causing a NULL pointer dereference. Replace g_malloc() with g_new() to catch the multiplication overflow. Reported-by: Li Qiang <liqiang6-s@360.cn> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Acked-by: Dmitry Fleytman <dmitry@daynix.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
*	net: check fragment length during fragmentation	Prasad J Pandit	2016-08-09	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	Network transport abstraction layer supports packet fragmentation. While fragmenting a packet, it checks for more fragments from packet length and current fragment length. It is susceptible to an infinite loop, if the current fragment length is zero. Add check to avoid it. Reported-by: Li Qiang <liqiang6-s@360.cn> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Reviewed-by: Dmitry Fleytman <dmitry@daynix.com> CC: qemu-stable@nongnu.org Signed-off-by: Jason Wang <jasowang@redhat.com>
*	clean-includes: run it once more	Paolo Bonzini	2016-06-16	1	-0/+1
\| \| \| \|	Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
*	vmxnet3: Use pci_dma_* API instead of cpu_physical_memory_*	Dmitry Fleytman	2016-06-02	1	-5/+11
\| \| \| \| \| \| \| \| \| \|	To make this device and network packets abstractions ready for IOMMU. Signed-off-by: Dmitry Fleytman <dmitry.fleytman@ravellosystems.com> Signed-off-by: Leonid Bloch <leonid.bloch@ravellosystems.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
*	net_pkt: Extend packet abstraction as required by e1000e functionality	Dmitry Fleytman	2016-06-02	1	-77/+127
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This patch extends the TX/RX packet abstractions with features that will be used by the e1000e device implementation. Changes are: 1. Support iovec lists for RX buffers 2. Deeper RX packets parsing 3. Loopback option for TX packets 4. Extended VLAN headers handling 5. RSS processing for RX packets Signed-off-by: Dmitry Fleytman <dmitry.fleytman@ravellosystems.com> Signed-off-by: Leonid Bloch <leonid.bloch@ravellosystems.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
*	net_pkt: Name vmxnet3 packet abstractions more generic	Dmitry Fleytman	2016-06-02	1	-0/+581
	This patch drops "vmx" prefix from packet abstractions names to emphasize the fact they are generic and not tied to any specific network device. These abstractions will be reused by e1000e emulation implementation introduced by following patches so their names need generalization. This patch (except renamed files, adjusted comments and changes in MAINTAINTERS) was produced by: git grep -lz 'vmxnet_tx_pkt' \| xargs -0 perl -i'' -pE "s/vmxnet_tx_pkt/net_tx_pkt/g" git grep -lz 'vmxnet_rx_pkt' \| xargs -0 perl -i'' -pE "s/vmxnet_rx_pkt/net_rx_pkt/g" git grep -lz 'VmxnetTxPkt' \| xargs -0 perl -i'' -pE "s/VmxnetTxPkt/NetTxPkt/g" git grep -lz 'VMXNET_TX_PKT' \| xargs -0 perl -i'' -pE "s/VMXNET_TX_PKT/NET_TX_PKT/g" git grep -lz 'VmxnetRxPkt' \| xargs -0 perl -i'' -pE "s/VmxnetRxPkt/NetRxPkt/g" git grep -lz 'VMXNET_RX_PKT' \| xargs -0 perl -i'' -pE "s/VMXNET_RX_PKT/NET_RX_PKT/g" sed -ie 's/VMXNET_/NET_/g' hw/net/vmxnet_rx_pkt.c sed -ie 's/VMXNET_/NET_/g' hw/net/vmxnet_tx_pkt.c Signed-off-by: Dmitry Fleytman <dmitry.fleytman@ravellosystems.com> Signed-off-by: Leonid Bloch <leonid.bloch@ravellosystems.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>