qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PULL 07/10] vmxnet3: Do not fill stats if device is inacti

From: Jason Wang
Subject: [Qemu-devel] [PULL 07/10] vmxnet3: Do not fill stats if device is inactive
Date: Tue, 27 Oct 2015 14:08:41 +0800 
From: Shmulik Ladkani <address@hidden>

Guest OS may issue VMXNET3_CMD_GET_STATS even before device was
activated (for example in linux, after insmod but prior net-dev open).

Accessing shared descriptors prior device activation is illegal as the
VMXNET3State structures have not been fully initialized.

As a result, guest memory gets corrupted and may lead to guest OS
crashes.

Fix, by not filling the stats descriptors if device is inactive.

Reported-by: Leonid Shatz <address@hidden>
Acked-by: Dmitry Fleytman <address@hidden>
Signed-off-by: Dana Rubin <address@hidden>
Signed-off-by: Shmulik Ladkani <address@hidden>
Signed-off-by: Jason Wang <address@hidden>
---
 hw/net/vmxnet3.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
index 3c5e10d..5e3a233 100644
--- a/hw/net/vmxnet3.c
+++ b/hw/net/vmxnet3.c
@@ -1289,6 +1289,10 @@ static uint32_t 
vmxnet3_get_interrupt_config(VMXNET3State *s)
 static void vmxnet3_fill_stats(VMXNET3State *s)
 {
     int i;
+
+    if (!s->device_active)
+        return;
+
     for (i = 0; i < s->txq_num; i++) {
         cpu_physical_memory_write(s->txq_descr[i].tx_stats_pa,
                                   &s->txq_descr[i].txq_stats,
-- 
2.1.4
reply via email to
[Prev in Thread] Current Thread [Next in Thread]