Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/app-emulation/qemu/files/qemu-2.4.0-CVE-2015-7295-3.patch
diff options
context:
space:
mode:
Diffstat (limited to 'app-emulation/qemu/files/qemu-2.4.0-CVE-2015-7295-3.patch')
-rw-r--r--app-emulation/qemu/files/qemu-2.4.0-CVE-2015-7295-3.patch47
1 files changed, 47 insertions, 0 deletions
diff --git a/app-emulation/qemu/files/qemu-2.4.0-CVE-2015-7295-3.patch b/app-emulation/qemu/files/qemu-2.4.0-CVE-2015-7295-3.patch
new file mode 100644
index 000000000000..96981e973cea
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.4.0-CVE-2015-7295-3.patch
@@ -0,0 +1,47 @@
+https://bugs.gentoo.org/560760
+
+From 0cf33fb6b49a19de32859e2cdc6021334f448fb3 Mon Sep 17 00:00:00 2001
+From: Jason Wang <jasowang@redhat.com>
+Date: Fri, 25 Sep 2015 13:21:30 +0800
+Subject: [PATCH 3/3] virtio-net: correctly drop truncated packets
+
+When packet is truncated during receiving, we drop the packets but
+neither discard the descriptor nor add and signal used
+descriptor. This will lead several issues:
+
+- sg mappings are leaked
+- rx will be stalled if a lots of packets were truncated
+
+In order to be consistent with vhost, fix by discarding the descriptor
+in this case.
+
+Cc: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Jason Wang <jasowang@redhat.com>
+Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+---
+ hw/net/virtio-net.c | 8 +-------
+ 1 file changed, 1 insertion(+), 7 deletions(-)
+
+diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
+index d388c55..a877614 100644
+--- a/hw/net/virtio-net.c
++++ b/hw/net/virtio-net.c
+@@ -1094,13 +1094,7 @@ static ssize_t virtio_net_receive(NetClientState *nc, const uint8_t *buf, size_t
+ * must have consumed the complete packet.
+ * Otherwise, drop it. */
+ if (!n->mergeable_rx_bufs && offset < size) {
+-#if 0
+- error_report("virtio-net truncated non-mergeable packet: "
+- "i %zd mergeable %d offset %zd, size %zd, "
+- "guest hdr len %zd, host hdr len %zd",
+- i, n->mergeable_rx_bufs,
+- offset, size, n->guest_hdr_len, n->host_hdr_len);
+-#endif
++ virtqueue_discard(q->rx_vq, &elem, total);
+ return size;
+ }
+
+--
+2.6.0.rc2.230.g3dd15c0
+