qemu-commits

[Qemu-commits] [qemu/qemu] b5ab67: slirp: don't crash when tcp_sockclose


From: GitHub
Subject: [Qemu-commits] [qemu/qemu] b5ab67: slirp: don't crash when tcp_sockclosed() is called...
Date: Thu, 07 Apr 2016 05:00:03 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: b5ab677189b93efa4eaa921f42b21dc008247184
      
https://github.com/qemu/qemu/commit/b5ab677189b93efa4eaa921f42b21dc008247184
  Author: Steven Luo <address@hidden>
  Date:   2016-04-07 (Thu, 07 Apr 2016)

  Changed paths:
    M slirp/tcp_subr.c

  Log Message:
  -----------
  slirp: don't crash when tcp_sockclosed() is called with a NULL tp

Signed-off-by: Steven Luo <address@hidden>
Reviewed-by: Edgar E. Iglesias <address@hidden>
Signed-off-by: Samuel Thibault <address@hidden>


  Commit: bfb1ac14029ee72b19296109fba880c0551755d5
      
https://github.com/qemu/qemu/commit/bfb1ac14029ee72b19296109fba880c0551755d5
  Author: Steven Luo <address@hidden>
  Date:   2016-04-07 (Thu, 07 Apr 2016)

  Changed paths:
    M slirp/slirp.c
    M slirp/socket.c
    M slirp/socket.h

  Log Message:
  -----------
  slirp: avoid use-after-free in slirp_pollfds_poll() if soread() returns an error

Samuel Thibault pointed out that it's possible that slirp_pollfds_poll()
will try to use a socket even after soread() returns an error, resulting
in a use-after-free if the socket was removed while handling the error.
Avoid this by refusing to continue to work with the socket in this case.

Signed-off-by: Steven Luo <address@hidden>
Signed-off-by: Samuel Thibault <address@hidden>


  Commit: 27d92ebc5ed1bb0b518d0ebc4c609182ad20a799
      
https://github.com/qemu/qemu/commit/27d92ebc5ed1bb0b518d0ebc4c609182ad20a799
  Author: Edgar E. Iglesias <address@hidden>
  Date:   2016-04-07 (Thu, 07 Apr 2016)

  Changed paths:
    M slirp/socket.c

  Log Message:
  -----------
  slirp: Propagate host TCP RST to the guest.

When the host aborts (RST) its side of a TCP connection we need to
propagate that RST to the guest. The current code can leave such guest
connections dangling forever. Spotted by Jason Wessel.

Signed-off-by: Edgar E. Iglesias <address@hidden>
[address@hidden: coding style adjustments]
Signed-off-by: Steven Luo <address@hidden>
Signed-off-by: Samuel Thibault <address@hidden>


  Commit: 6625d83a6eb3b51a622d72adce713cab75cbf2e7
      
https://github.com/qemu/qemu/commit/6625d83a6eb3b51a622d72adce713cab75cbf2e7
  Author: Steven Luo <address@hidden>
  Date:   2016-04-07 (Thu, 07 Apr 2016)

  Changed paths:
    M slirp/socket.c
    M slirp/tcp_input.c

  Log Message:
  -----------
  slirp: handle deferred ECONNREFUSED on non-blocking TCP sockets

slirp currently only handles ECONNREFUSED in the case where connect()
returns immediately with that error; since we use non-blocking sockets,
most of the time we won't receive the error until we later try to read
from the socket.  Ensure that we deliver the appropriate RST to the
guest in this case.

Signed-off-by: Steven Luo <address@hidden>
Reviewed-by: Edgar E. Iglesias <address@hidden>
Signed-off-by: Samuel Thibault <address@hidden>


  Commit: e380023898479b57d38c0569c02f7bd41090181b
      
https://github.com/qemu/qemu/commit/e380023898479b57d38c0569c02f7bd41090181b
  Author: Peter Maydell <address@hidden>
  Date:   2016-04-07 (Thu, 07 Apr 2016)

  Changed paths:
    M slirp/slirp.c
    M slirp/socket.c
    M slirp/socket.h
    M slirp/tcp_input.c
    M slirp/tcp_subr.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/thibault/tags/samuel-thibault' into staging

slirp updates

# gpg: Signature made Thu 07 Apr 2016 12:02:23 BST using RSA key ID FB6B2F1D
# gpg: Good signature from "Samuel Thibault <address@hidden>"
# gpg:                 aka "Samuel Thibault <address@hidden>"
# gpg:                 aka "Samuel Thibault <address@hidden>"
# gpg:                 aka "Samuel Thibault <address@hidden>"
# gpg:                 aka "Samuel Thibault <address@hidden>"
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 900C B024 B679 31D4 0F82  304B D017 8C76 7D06 9EE6
#      Subkey fingerprint: F632 74CD C630 0873 CB3D  29D9 E3E5 1CE8 FB6B 2F1D

* remotes/thibault/tags/samuel-thibault:
  slirp: handle deferred ECONNREFUSED on non-blocking TCP sockets
  slirp: Propagate host TCP RST to the guest.
  slirp: avoid use-after-free in slirp_pollfds_poll() if soread() returns an error
  slirp: don't crash when tcp_sockclosed() is called with a NULL tp

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/0f9d6bd210f2...e38002389847
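
The deferred ECONNREFUSED case described in commit 6625d83 above, shown as an added example that is not QEMU's code and not part of the original mail: a non-blocking connect() to a loopback port with no listener, where the refusal may only surface on the later recv(). The function names connect_outcome and closed_loopback_port are made up for this example, and Linux socket semantics are assumed.

```c
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed input: bind an ephemeral loopback port, then close it again,
 * so that nothing is listening on the returned port number. */
static unsigned short closed_loopback_port(void)
{
    struct sockaddr_in a = { .sin_family = AF_INET };
    socklen_t len = sizeof(a);
    int s = socket(AF_INET, SOCK_STREAM, 0);
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    bind(s, (struct sockaddr *)&a, sizeof(a));
    getsockname(s, (struct sockaddr *)&a, &len);
    close(s);
    return ntohs(a.sin_port);
}

/* Returns the errno that ended the attempt (0 if none). *deferred is 1 when
 * connect() only said EINPROGRESS and the error surfaced on the later read. */
int connect_outcome(unsigned short port, int *deferred)
{
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(port) };
    int err = 0, fd = socket(AF_INET, SOCK_STREAM, 0);
    struct pollfd p = { .fd = fd, .events = POLLIN | POLLOUT };
    char byte;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) | O_NONBLOCK);
    if (connect(fd, (struct sockaddr *)&a, sizeof(a)) < 0)
        err = errno;                 /* immediate path: error known at once */
    *deferred = (err == EINPROGRESS);
    if (*deferred) {                 /* deferred path: verdict arrives later */
        poll(&p, 1, 2000);           /* wait up to 2 s for the handshake result */
        /* EAGAIN here would mean "connected, no data yet", not a failure */
        err = (recv(fd, &byte, 1, 0) < 0 && errno != EAGAIN) ? errno : 0;
    }
    close(fd);
    return err;
}

int main(void)
{
    int deferred, err = connect_outcome(closed_loopback_port(), &deferred);
    printf("errno=%d deferred=%d\n", err, deferred);
    return err == ECONNREFUSED ? 0 : 1;
}
```

A caller that checks only the return value of connect() sees EINPROGRESS on the deferred path and never learns of the refusal, which is the gap the commit message describes.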
