diff options
Diffstat (limited to 'app-emulation/qemu/files/qemu-2.4.0-CVE-2015-7295-3.patch')
-rw-r--r-- | app-emulation/qemu/files/qemu-2.4.0-CVE-2015-7295-3.patch | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/app-emulation/qemu/files/qemu-2.4.0-CVE-2015-7295-3.patch b/app-emulation/qemu/files/qemu-2.4.0-CVE-2015-7295-3.patch new file mode 100644 index 000000000000..96981e973cea --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.4.0-CVE-2015-7295-3.patch @@ -0,0 +1,47 @@ +https://bugs.gentoo.org/560760 + +From 0cf33fb6b49a19de32859e2cdc6021334f448fb3 Mon Sep 17 00:00:00 2001 +From: Jason Wang <jasowang@redhat.com> +Date: Fri, 25 Sep 2015 13:21:30 +0800 +Subject: [PATCH 3/3] virtio-net: correctly drop truncated packets + +When packet is truncated during receiving, we drop the packets but +neither discard the descriptor nor add and signal used +descriptor. This will lead several issues: + +- sg mappings are leaked +- rx will be stalled if a lots of packets were truncated + +In order to be consistent with vhost, fix by discarding the descriptor +in this case. + +Cc: Michael S. Tsirkin <mst@redhat.com> +Signed-off-by: Jason Wang <jasowang@redhat.com> +Reviewed-by: Michael S. Tsirkin <mst@redhat.com> +Signed-off-by: Michael S. Tsirkin <mst@redhat.com> +--- + hw/net/virtio-net.c | 8 +------- + 1 file changed, 1 insertion(+), 7 deletions(-) + +diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c +index d388c55..a877614 100644 +--- a/hw/net/virtio-net.c ++++ b/hw/net/virtio-net.c +@@ -1094,13 +1094,7 @@ static ssize_t virtio_net_receive(NetClientState *nc, const uint8_t *buf, size_t + * must have consumed the complete packet. + * Otherwise, drop it. */ + if (!n->mergeable_rx_bufs && offset < size) { +-#if 0 +- error_report("virtio-net truncated non-mergeable packet: " +- "i %zd mergeable %d offset %zd, size %zd, " +- "guest hdr len %zd, host hdr len %zd", +- i, n->mergeable_rx_bufs, +- offset, size, n->guest_hdr_len, n->host_hdr_len); +-#endif ++ virtqueue_discard(q->rx_vq, &elem, total); + return size; + } + +-- +2.6.0.rc2.230.g3dd15c0 + |