From patchwork Tue Sep 20 17:05:17 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Roth <mdroth@linux.vnet.ibm.com>
X-Patchwork-Id: 9342219
Return-Path: 
 <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	4C798607EE for <patchwork-qemu-devel@patchwork.kernel.org>;
	Tue, 20 Sep 2016 17:37:06 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 41908298EC
	for <patchwork-qemu-devel@patchwork.kernel.org>;
	Tue, 20 Sep 2016 17:37:06 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 3519B29A60; Tue, 20 Sep 2016 17:37:06 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI
	autolearn=ham version=3.3.1
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id BFC37298EC
	for <patchwork-qemu-devel@patchwork.kernel.org>;
	Tue, 20 Sep 2016 17:37:05 +0000 (UTC)
Received: from localhost ([::1]:37006 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>)
	id 1bmOyf-0006uZ-00 for patchwork-qemu-devel@patchwork.kernel.org;
	Tue, 20 Sep 2016 13:37:05 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:43316)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mdroth@linux.vnet.ibm.com>) id 1bmOUq-0007OC-QH
	for qemu-devel@nongnu.org; Tue, 20 Sep 2016 13:06:20 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mdroth@linux.vnet.ibm.com>) id 1bmOUn-0007TP-O1
	for qemu-devel@nongnu.org; Tue, 20 Sep 2016 13:06:15 -0400
Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:37283
	helo=mx0a-001b2d01.pphosted.com)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mdroth@linux.vnet.ibm.com>) id 1bmOUn-0007Sl-Ft
	for qemu-devel@nongnu.org; Tue, 20 Sep 2016 13:06:13 -0400
Received: from pps.filterd (m0098420.ppops.net [127.0.0.1])
	by mx0b-001b2d01.pphosted.com (8.16.0.17/8.16.0.17) with SMTP id
	u8KH3JE4003221
	for <qemu-devel@nongnu.org>; Tue, 20 Sep 2016 13:06:13 -0400
Received: from e35.co.us.ibm.com (e35.co.us.ibm.com [32.97.110.153])
	by mx0b-001b2d01.pphosted.com with ESMTP id 25jmr0xqf5-1
	(version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT)
	for <qemu-devel@nongnu.org>; Tue, 20 Sep 2016 13:06:12 -0400
Received: from localhost
	by e35.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use
	Only! Violators will be prosecuted
	for <qemu-devel@nongnu.org> from <mdroth@linux.vnet.ibm.com>;
	Tue, 20 Sep 2016 11:06:12 -0600
Received: from d03dlp03.boulder.ibm.com (9.17.202.179)
	by e35.co.us.ibm.com (192.168.1.135) with IBM ESMTP SMTP Gateway:
	Authorized Use Only! Violators will be prosecuted;
	Tue, 20 Sep 2016 11:06:08 -0600
Received: from b03cxnp07028.gho.boulder.ibm.com
	(b03cxnp07028.gho.boulder.ibm.com [9.17.130.15])
	by d03dlp03.boulder.ibm.com (Postfix) with ESMTP id 5969119D8048;
	Tue, 20 Sep 2016 11:05:37 -0600 (MDT)
Received: from b03ledav004.gho.boulder.ibm.com
	(b03ledav004.gho.boulder.ibm.com [9.17.130.235])
	by b03cxnp07028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with
	ESMTP id u8KH62eG12583334; Tue, 20 Sep 2016 10:06:08 -0700
Received: from b03ledav004.gho.boulder.ibm.com (unknown [127.0.0.1])
	by IMSVA (Postfix) with ESMTP id 37CFE78041;
	Tue, 20 Sep 2016 11:06:08 -0600 (MDT)
Received: from localhost (unknown [9.53.92.191])
	by b03ledav004.gho.boulder.ibm.com (Postfix) with ESMTP id 27E617803F;
	Tue, 20 Sep 2016 11:06:08 -0600 (MDT)
From: Michael Roth <mdroth@linux.vnet.ibm.com>
To: qemu-devel@nongnu.org
Date: Tue, 20 Sep 2016 12:05:17 -0500
X-Mailer: git-send-email 1.9.1
In-Reply-To: <1474391141-16623-1-git-send-email-mdroth@linux.vnet.ibm.com>
References: <1474391141-16623-1-git-send-email-mdroth@linux.vnet.ibm.com>
X-TM-AS-GCONF: 00
X-Content-Scanned: Fidelis XPS MAILER
x-cbid: 16092017-0012-0000-0000-000010B3BD67
X-IBM-SpamModules-Scores: 
X-IBM-SpamModules-Versions: BY=3.00005792; HX=3.00000240; KW=3.00000007;
	PH=3.00000004; SC=3.00000185; SDB=6.00759544; UDB=6.00361078;
	IPR=6.00533874;
	BA=6.00004739; NDR=6.00000001; ZLA=6.00000005; ZF=6.00000009;
	ZB=6.00000000;
	ZP=6.00000000; ZH=6.00000000; ZU=6.00000002; MB=3.00012728;
	XFM=3.00000011; UTC=2016-09-20 17:06:10
X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused
x-cbparentid: 16092017-0013-0000-0000-000045A31A13
Message-Id: <1474391141-16623-2-git-send-email-mdroth@linux.vnet.ibm.com>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, ,
	definitions=2016-09-20_07:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
	spamscore=0 suspectscore=29
	malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam
	adjust=0 reason=mlx scancount=1 engine=8.0.1-1609020000
	definitions=main-1609200216
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [generic]
X-Received-From: 148.163.158.5
Subject: [Qemu-devel] [PATCH 01/25] net: check fragment length during
	fragmentation
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: Jason Wang <jasowang@redhat.com>, qemu-stable@nongnu.org,
	Prasad J Pandit <pjp@fedoraproject.org>
Errors-To: 
 qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org
Sender: "Qemu-devel"
	<qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>
X-Virus-Scanned: ClamAV using ClamSMTP

From: Prasad J Pandit <pjp@fedoraproject.org>

Network transport abstraction layer supports packet fragmentation.
While fragmenting a packet, it checks for more fragments from
packet length and current fragment length. It is susceptible
to an infinite loop, if the current fragment length is zero.
Add check to avoid it.

Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
CC: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 hw/net/vmxnet_tx_pkt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/net/vmxnet_tx_pkt.c b/hw/net/vmxnet_tx_pkt.c
index 91e1e08..f4d0f5f 100644
--- a/hw/net/vmxnet_tx_pkt.c
+++ b/hw/net/vmxnet_tx_pkt.c
@@ -544,7 +544,7 @@ static bool vmxnet_tx_pkt_do_sw_fragmentation(struct VmxnetTxPkt *pkt,
 
         fragment_offset += fragment_len;
 
-    } while (more_frags);
+    } while (fragment_len && more_frags);
 
     return true;
 }