[PULL V2 10/20] tx_pkt: switch to use qemu_receive_packet_iov() for loopback

Jason Wang Mon, 15 Mar 2021 02:15:36 -0700

This patch switches to use qemu_receive_receive_iov() which can detect
reentrancy and return early.


This is intended to address CVE-2021-3416.

Cc: Prasad J Pandit <ppan...@redhat.com>
Cc: qemu-sta...@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <phi...@redhat.com>
Signed-off-by: Jason Wang <jasow...@redhat.com>
---
 hw/net/net_tx_pkt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/net/net_tx_pkt.c b/hw/net/net_tx_pkt.c
index da262ed..1f9aa59 100644
--- a/hw/net/net_tx_pkt.c
+++ b/hw/net/net_tx_pkt.c
@@ -553,7 +553,7 @@ static inline void net_tx_pkt_sendv(struct NetTxPkt *pkt,
     NetClientState *nc, const struct iovec *iov, int iov_cnt)
 {
     if (pkt->is_loopback) {
-        nc->info->receive_iov(nc, iov, iov_cnt);
+        qemu_receive_packet_iov(nc, iov, iov_cnt);
     } else {
         qemu_sendv_packet(nc, iov, iov_cnt);
     }
-- 
2.7.4

[PULL V2 10/20] tx_pkt: switch to use qemu_receive_packet_iov() for loopback

Reply via email to