[Stable-8.2.3 16/87] Avoid unaligned fetch in ladr_match()
From: Michael Tokarev
Subject: [Stable-8.2.3 16/87] Avoid unaligned fetch in ladr_match()
Date: Wed, 10 Apr 2024 10:21:49 +0300
From: Nick Briggs <nicholas.h.briggs@gmail.com>
There is no guarantee that the PCNetState is allocated such that
csr[8] is allocated on an 8-byte boundary. Since not all hosts are
capable of unaligned fetches the 16-bit elements need to be fetched
individually to avoid a potential fault. Closes issue #2143
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2143
Signed-off-by: Nick Briggs <nicholas.h.briggs@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit 6a5287ce80470bb8df95901d73ee779a64e70c3a)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c
index a7e123e60d..7d574f487b 100644
--- a/hw/net/pcnet.c
+++ b/hw/net/pcnet.c
@@ -632,7 +632,7 @@ static inline int ladr_match(PCNetState *s, const uint8_t
*buf, int size)
{
struct qemu_ether_header *hdr = (void *)buf;
if ((*(hdr->ether_dhost)&0x01) &&
- ((uint64_t *)&s->csr[8])[0] != 0LL) {
+ (s->csr[8] | s->csr[9] | s->csr[10] | s->csr[11]) != 0) {
uint8_t ladr[8] = {
s->csr[8] & 0xff, s->csr[8] >> 8,
s->csr[9] & 0xff, s->csr[9] >> 8,
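
Review bot: the new condition on the + line has no comment saying why csr[8]..csr[11] are ORed together instead of being read as one 64-bit word, so a later cleanup could fold it back into the (uint64_t *) cast that this patch removes. A one-line comment above the test would help, for example that the csr[] elements are 16-bit and the array is not guaranteed to be 8-byte aligned, so the elements must be read individually. The OR itself is equivalent to the old check, since the 64-bit value was non-zero exactly when at least one of the four elements was non-zero, and it no longer reads 16-bit objects through a uint64_t lvalue. It may also be worth checking the rest of pcnet.c for other wide casts over csr[] of the same shape.
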
--
2.39.2