Message ID | 20210305062638.6749-1-jasowang@redhat.com (mailing list archive) |
---|---|
Headers | show |
Series | Detect reentrant RX casued by loopback | expand |
Hello all, Just to note: * Let's use <qemu-security> list to review non-public/embargoed patch(es) only. * If patch(es) is being reviewed publicly on <qemu-devel> list, CC'ing <qemu-security> list does not help much. Thank you. --- -P J P http://feedmug.com
On 2021/3/5 2:39 下午, P J P wrote: > Hello all, > > Just to note: > > * Let's use <qemu-security> list to review non-public/embargoed patch(es) only. > > * If patch(es) is being reviewed publicly on <qemu-devel> list, > CC'ing <qemu-security> list does not help much. > > > Thank you. > --- > -P J P > http://feedmug.com I see. Thanks
On 3/5/21 7:26 AM, Jason Wang wrote: > Hi All: > > Followed by commit 22dc8663d9 ("net: forbid the reentrant RX"), we > still need to fix the issues casued by loopback mode where the NIC > usually it via calling nc->info->receive() directly. > > The fix is to introduce new network helper and check the > queue->delivering. > > This series addresses CVE-2021-3416. > > Thanks > > Changes since V3: > - clarify CVE number in the commit log > - ident fix > > Changes since V2: > - add more fixes from Alexander > > Changes since V1: > > - Fix dp8393x compiling > - Add rtl8139 fix > - Tweak the commit log > - Silent patchew warning > > Alexander Bulekov (4): > rtl8139: switch to use qemu_receive_packet() for loopback > pcnet: switch to use qemu_receive_packet() for loopback > cadence_gem: switch to use qemu_receive_packet() for loopback > lan9118: switch to use qemu_receive_packet() for loopback > > Jason Wang (6): > net: introduce qemu_receive_packet() > e1000: switch to use qemu_receive_packet() for loopback > dp8393x: switch to use qemu_receive_packet() for loopback packet > msf2-mac: switch to use qemu_receive_packet() for loopback > sungem: switch to use qemu_receive_packet() for loopback > tx_pkt: switch to use qemu_receive_packet_iov() for loopback > > hw/net/cadence_gem.c | 4 ++-- > hw/net/dp8393x.c | 2 +- > hw/net/e1000.c | 2 +- > hw/net/lan9118.c | 2 +- > hw/net/msf2-emac.c | 2 +- > hw/net/net_tx_pkt.c | 2 +- > hw/net/pcnet.c | 2 +- > hw/net/rtl8139.c | 2 +- > hw/net/sungem.c | 2 +- > include/net/net.h | 5 +++++ > include/net/queue.h | 8 ++++++++ > net/net.c | 38 +++++++++++++++++++++++++++++++------- > net/queue.c | 22 ++++++++++++++++++++++ > 13 files changed, 76 insertions(+), 17 deletions(-) > LGTM, maybe worth adding the "Cc: qemu-stable@nongnu.org" tag when applying.
On 2021/3/5 5:38 下午, Philippe Mathieu-Daudé wrote: > On 3/5/21 7:26 AM, Jason Wang wrote: >> Hi All: >> >> Followed by commit 22dc8663d9 ("net: forbid the reentrant RX"), we >> still need to fix the issues casued by loopback mode where the NIC >> usually it via calling nc->info->receive() directly. >> >> The fix is to introduce new network helper and check the >> queue->delivering. >> >> This series addresses CVE-2021-3416. >> >> Thanks >> >> Changes since V3: >> - clarify CVE number in the commit log >> - ident fix >> >> Changes since V2: >> - add more fixes from Alexander >> >> Changes since V1: >> >> - Fix dp8393x compiling >> - Add rtl8139 fix >> - Tweak the commit log >> - Silent patchew warning >> >> Alexander Bulekov (4): >> rtl8139: switch to use qemu_receive_packet() for loopback >> pcnet: switch to use qemu_receive_packet() for loopback >> cadence_gem: switch to use qemu_receive_packet() for loopback >> lan9118: switch to use qemu_receive_packet() for loopback >> >> Jason Wang (6): >> net: introduce qemu_receive_packet() >> e1000: switch to use qemu_receive_packet() for loopback >> dp8393x: switch to use qemu_receive_packet() for loopback packet >> msf2-mac: switch to use qemu_receive_packet() for loopback >> sungem: switch to use qemu_receive_packet() for loopback >> tx_pkt: switch to use qemu_receive_packet_iov() for loopback >> >> hw/net/cadence_gem.c | 4 ++-- >> hw/net/dp8393x.c | 2 +- >> hw/net/e1000.c | 2 +- >> hw/net/lan9118.c | 2 +- >> hw/net/msf2-emac.c | 2 +- >> hw/net/net_tx_pkt.c | 2 +- >> hw/net/pcnet.c | 2 +- >> hw/net/rtl8139.c | 2 +- >> hw/net/sungem.c | 2 +- >> include/net/net.h | 5 +++++ >> include/net/queue.h | 8 ++++++++ >> net/net.c | 38 +++++++++++++++++++++++++++++++------- >> net/queue.c | 22 ++++++++++++++++++++++ >> 13 files changed, 76 insertions(+), 17 deletions(-) >> > LGTM, maybe worth adding the "Cc: qemu-stable@nongnu.org" tag > when applying. Yes, will do. Thanks >
On 2021/3/5 2:26 下午, Jason Wang wrote: > Hi All: > > Followed by commit 22dc8663d9 ("net: forbid the reentrant RX"), we > still need to fix the issues casued by loopback mode where the NIC > usually it via calling nc->info->receive() directly. > > The fix is to introduce new network helper and check the > queue->delivering. > > This series addresses CVE-2021-3416. > > Thanks So, I've queued this series with stable cced. Thanks > > Changes since V3: > - clarify CVE number in the commit log > - ident fix > > Changes since V2: > - add more fixes from Alexander > > Changes since V1: > > - Fix dp8393x compiling > - Add rtl8139 fix > - Tweak the commit log > - Silent patchew warning > > Alexander Bulekov (4): > rtl8139: switch to use qemu_receive_packet() for loopback > pcnet: switch to use qemu_receive_packet() for loopback > cadence_gem: switch to use qemu_receive_packet() for loopback > lan9118: switch to use qemu_receive_packet() for loopback > > Jason Wang (6): > net: introduce qemu_receive_packet() > e1000: switch to use qemu_receive_packet() for loopback > dp8393x: switch to use qemu_receive_packet() for loopback packet > msf2-mac: switch to use qemu_receive_packet() for loopback > sungem: switch to use qemu_receive_packet() for loopback > tx_pkt: switch to use qemu_receive_packet_iov() for loopback > > hw/net/cadence_gem.c | 4 ++-- > hw/net/dp8393x.c | 2 +- > hw/net/e1000.c | 2 +- > hw/net/lan9118.c | 2 +- > hw/net/msf2-emac.c | 2 +- > hw/net/net_tx_pkt.c | 2 +- > hw/net/pcnet.c | 2 +- > hw/net/rtl8139.c | 2 +- > hw/net/sungem.c | 2 +- > include/net/net.h | 5 +++++ > include/net/queue.h | 8 ++++++++ > net/net.c | 38 +++++++++++++++++++++++++++++++------- > net/queue.c | 22 ++++++++++++++++++++++ > 13 files changed, 76 insertions(+), 17 deletions(-) >