[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v2] hw/net/vmxnet3: allow VMXNET3_MAX_MTU itself as a value
From: |
Fiona Ebner |
Subject: |
Re: [PATCH v2] hw/net/vmxnet3: allow VMXNET3_MAX_MTU itself as a value |
Date: |
Wed, 14 Dec 2022 10:43:16 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.5.0 |
Am 25.08.22 um 11:29 schrieb Fiona Ebner:
> Currently, VMXNET3_MAX_MTU itself (being 9000) is not considered a
> valid value for the MTU, but a guest running ESXi 7.0 might try to
> set it and fail the assert [0].
>
> In the Linux kernel, dev->max_mtu itself is a valid value for the MTU
> and for the vmxnet3 driver it's 9000, so a guest running Linux will
> also fail the assert when trying to set an MTU of 9000.
>
> VMXNET3_MAX_MTU and s->mtu don't seem to be used in relation to buffer
> allocations/accesses, so allowing the upper limit itself as a value
> should be fine.
>
> [0]: https://forum.proxmox.com/threads/114011/
>
> Fixes: d05dcd94ae ("net: vmxnet3: validate configuration values during
> activate (CVE-2021-20203)")
> Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
> ---
>
> Feel free to adapt the commit message as you see fit.
>
> v1 -> v2:
> * Add commit message with some rationale.
>
> hw/net/vmxnet3.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
> index 0b7acf7f89..a2037583bf 100644
> --- a/hw/net/vmxnet3.c
> +++ b/hw/net/vmxnet3.c
> @@ -1441,7 +1441,7 @@ static void vmxnet3_activate_device(VMXNET3State *s)
> vmxnet3_setup_rx_filtering(s);
> /* Cache fields from shared memory */
> s->mtu = VMXNET3_READ_DRV_SHARED32(d, s->drv_shmem, devRead.misc.mtu);
> - assert(VMXNET3_MIN_MTU <= s->mtu && s->mtu < VMXNET3_MAX_MTU);
> + assert(VMXNET3_MIN_MTU <= s->mtu && s->mtu <= VMXNET3_MAX_MTU);
> VMW_CFPRN("MTU is %u", s->mtu);
>
> s->max_rx_frags =
Ping
- Re: [PATCH v2] hw/net/vmxnet3: allow VMXNET3_MAX_MTU itself as a value,
Fiona Ebner <=