Re: [Qemu-devel] [PATCH] net: vmxnet: initialise local tx descriptor

2016-10-20 Thread Jason Wang 



On 2016年10月19日 03:35, P J P wrote:

   Hello Jason,

+-- On Thu, 11 Aug 2016, Dmitry Fleytman wrote --+
| Reviewed-by: Dmitry Fleytman 
|
| > @@ -531,6 +531,7 @@ static void vmxnet3_complete_packet(VMXNET3State *s, 
int qidx, uint32_t tx_ridx)
| >
| > VMXNET3_RING_DUMP(VMW_RIPRN, "TXC", qidx, 
>txq_descr[qidx].comp_ring);
| >
| > +memset(_descr, 0, sizeof(txcq_descr));
| > txcq_descr.txdIdx = tx_ridx;

  It seems this one is not pulled upstream yet? There is another one like it.
(just checking)


My bad, this patch was missed for some reason. I've queued this in my tree.

Thanks



Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

Re: [Qemu-devel] [PATCH] net: vmxnet: initialise local tx descriptor

2016-10-18 Thread P J P 
  Hello Jason,

+-- On Thu, 11 Aug 2016, Dmitry Fleytman wrote --+
| Reviewed-by: Dmitry Fleytman 
| 
| > @@ -531,6 +531,7 @@ static void vmxnet3_complete_packet(VMXNET3State *s, 
int qidx, uint32_t tx_ridx)
| > 
| > VMXNET3_RING_DUMP(VMW_RIPRN, "TXC", qidx, 
>txq_descr[qidx].comp_ring);
| > 
| > +memset(_descr, 0, sizeof(txcq_descr));
| > txcq_descr.txdIdx = tx_ridx;

 It seems this one is not pulled upstream yet? There is another one like it. 
(just checking)

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

Re: [Qemu-devel] [PATCH] net: vmxnet: initialise local tx descriptor

2016-08-11 Thread Dmitry Fleytman 
Reviewed-by: Dmitry Fleytman 

> On 10 Aug 2016, at 22:12 PM, P J P  wrote:
> 
> From: Li Qiang 
> 
> In Vmxnet3 device emulator while processing transmit(tx) queue,
> when it reaches end of packet, it calls vmxnet3_complete_packet.
> In that local 'txcq_descr' object is not initialised, which could
> leak host memory bytes a guest.
> 
> Reported-by: Li Qiang 
> Signed-off-by: Prasad J Pandit 
> ---
> hw/net/vmxnet3.c | 1 +
> 1 file changed, 1 insertion(+)
> 
> diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
> index 90f6943..92f6af9 100644
> --- a/hw/net/vmxnet3.c
> +++ b/hw/net/vmxnet3.c
> @@ -531,6 +531,7 @@ static void vmxnet3_complete_packet(VMXNET3State *s, int 
> qidx, uint32_t tx_ridx)
> 
> VMXNET3_RING_DUMP(VMW_RIPRN, "TXC", qidx, >txq_descr[qidx].comp_ring);
> 
> +memset(_descr, 0, sizeof(txcq_descr));
> txcq_descr.txdIdx = tx_ridx;
> txcq_descr.gen = vmxnet3_ring_curr_gen(>txq_descr[qidx].comp_ring);
> 
> -- 
> 2.5.5
>