Message ID | 20240802031929.44060-3-jasowang@redhat.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | [PULL,1/8] rtl8139: Fix behaviour for old kernels. | expand |
On Fri, Aug 02, 2024 at 11:19:23AM +0800, Jason Wang wrote: > From: Akihiko Odaki <akihiko.odaki@daynix.com> > > Ensure the queue index points to a valid queue when software RSS > enabled. The new calculation matches with the behavior of Linux's TAP > device with the RSS eBPF program. > > Fixes: 4474e37a5b3a ("virtio-net: implement RX RSS processing") > Reported-by: Zhibin Hu <huzhibin5@huawei.com> > Cc: qemu-stable@nongnu.org > Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> > Reviewed-by: Michael S. Tsirkin <mst@redhat.com> > Signed-off-by: Jason Wang <jasowang@redhat.com> > --- > hw/net/virtio-net.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) FYI, this patch is the fix for CVE-2024-6505. Please make sure to mention CVE assignments in the commit message when one is available. > > diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c > index 8f30972708..5635620a31 100644 > --- a/hw/net/virtio-net.c > +++ b/hw/net/virtio-net.c > @@ -1905,7 +1905,8 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf, > if (!no_rss && n->rss_data.enabled && n->rss_data.enabled_software_rss) { > int index = virtio_net_process_rss(nc, buf, size, &extra_hdr); > if (index >= 0) { > - NetClientState *nc2 = qemu_get_subqueue(n->nic, index); > + NetClientState *nc2 = > + qemu_get_subqueue(n->nic, index % n->curr_queue_pairs); > return virtio_net_receive_rcu(nc2, buf, size, true); > } > } With regards, Daniel
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c index 8f30972708..5635620a31 100644 --- a/hw/net/virtio-net.c +++ b/hw/net/virtio-net.c @@ -1905,7 +1905,8 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf, if (!no_rss && n->rss_data.enabled && n->rss_data.enabled_software_rss) { int index = virtio_net_process_rss(nc, buf, size, &extra_hdr); if (index >= 0) { - NetClientState *nc2 = qemu_get_subqueue(n->nic, index); + NetClientState *nc2 = + qemu_get_subqueue(n->nic, index % n->curr_queue_pairs); return virtio_net_receive_rcu(nc2, buf, size, true); } }