| Message ID | 20241122-queue-v3-5-f2ff03b8dbfd@daynix.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | virtio-net fixes | expand |
On 22/11/24 06:03, Akihiko Odaki wrote: > The specification says hash_report should be set to > VIRTIO_NET_HASH_REPORT_NONE if VIRTIO_NET_F_HASH_REPORT is negotiated > but not configured with VIRTIO_NET_CTRL_MQ_RSS_CONFIG. However, > virtio_net_receive_rcu() instead wrote out the content of the extra_hdr > variable, which is not uninitialized in such a case. > > Fix this by zeroing the extra_hdr. > > Fixes: e22f0603fb2f ("virtio-net: reference implementation of hash report") > Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> > --- > hw/net/virtio-net.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c > index b544d2e91a77..44ea72b50e0e 100644 > --- a/hw/net/virtio-net.c > +++ b/hw/net/virtio-net.c > @@ -1911,6 +1911,8 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf, Alternatively: - struct virtio_net_hdr_v1_hash extra_hdr; + struct virtio_net_hdr_v1_hash extra_hdr = { }; Regardless, Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> > size_t offset, i, guest_offset, j; > ssize_t err; > > + memset(&extra_hdr, 0, sizeof(extra_hdr)); > + > if (n->rss_data.enabled && n->rss_data.enabled_software_rss) { > int index = virtio_net_process_rss(nc, buf, size, &extra_hdr); > if (index >= 0) { >
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c index b544d2e91a77..44ea72b50e0e 100644 --- a/hw/net/virtio-net.c +++ b/hw/net/virtio-net.c @@ -1911,6 +1911,8 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf, size_t offset, i, guest_offset, j; ssize_t err; + memset(&extra_hdr, 0, sizeof(extra_hdr)); + if (n->rss_data.enabled && n->rss_data.enabled_software_rss) { int index = virtio_net_process_rss(nc, buf, size, &extra_hdr); if (index >= 0) {
The specification says hash_report should be set to VIRTIO_NET_HASH_REPORT_NONE if VIRTIO_NET_F_HASH_REPORT is negotiated but not configured with VIRTIO_NET_CTRL_MQ_RSS_CONFIG. However, virtio_net_receive_rcu() instead wrote out the content of the extra_hdr variable, which is not uninitialized in such a case. Fix this by zeroing the extra_hdr. Fixes: e22f0603fb2f ("virtio-net: reference implementation of hash report") Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> --- hw/net/virtio-net.c | 2 ++ 1 file changed, 2 insertions(+)