[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 22/77] net: use peer when purging queue in qemu_flush_or_purge_qu
|
From: |
Michael Roth |
|
Subject: |
[PATCH 22/77] net: use peer when purging queue in qemu_flush_or_purge_queue_packets() |
|
Date: |
Thu, 3 Sep 2020 15:58:40 -0500 |
From: Jason Wang <jasowang@redhat.com>
The sender of packet will be checked in the qemu_net_queue_purge() but
we use NetClientState not its peer when trying to purge the incoming
queue in qemu_flush_or_purge_packets(). This will trigger the assert
in virtio_net_reset since we can't pass the sender check:
hw/net/virtio-net.c:533: void virtio_net_reset(VirtIODevice *): Assertion
`!virtio_net_get_subqueue(nc)->async_tx.elem' failed.
#9 0x55a33fa31b78 in virtio_net_reset hw/net/virtio-net.c:533:13
#10 0x55a33fc88412 in virtio_reset hw/virtio/virtio.c:1919:9
#11 0x55a341d82764 in virtio_bus_reset hw/virtio/virtio-bus.c:95:9
#12 0x55a341dba2de in virtio_pci_reset hw/virtio/virtio-pci.c:1824:5
#13 0x55a341db3e02 in virtio_pci_common_write hw/virtio/virtio-pci.c:1252:13
#14 0x55a33f62117b in memory_region_write_accessor memory.c:496:5
#15 0x55a33f6205e4 in access_with_adjusted_size memory.c:557:18
#16 0x55a33f61e177 in memory_region_dispatch_write memory.c:1488:16
Reproducer:
https://www.mail-archive.com/qemu-devel@nongnu.org/msg701914.html
Fix by using the peer.
Reported-by: "Alexander Bulekov" <alxndr@bu.edu>
Acked-by: Alexander Bulekov <alxndr@bu.edu>
Fixes: ca77d85e1dbf9 ("net: complete all queued packets on VM stop")
Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit 5fe19fb81839ea42b592b409f725349cf3c73551)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
net/net.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/net.c b/net/net.c
index cbeeeadff8..4c62b10acd 100644
--- a/net/net.c
+++ b/net/net.c
@@ -610,7 +610,7 @@ void qemu_flush_or_purge_queued_packets(NetClientState *nc,
bool purge)
qemu_notify_event();
} else if (purge) {
/* Unable to empty the queue, purge remaining packets */
- qemu_net_queue_purge(nc->incoming_queue, nc);
+ qemu_net_queue_purge(nc->incoming_queue, nc->peer);
}
}
--
2.17.1
- Re: [PATCH 15/77] xen/9pfs: yield when there isn't enough room on the ring, (continued)
- [PATCH 14/77] Revert "9p: init_in_iov_from_pdu can truncate the size", Michael Roth, 2020/09/03
- [PATCH 16/77] ati-vga: check mm_index before recursive call (CVE-2020-13800), Michael Roth, 2020/09/03
- [PATCH 18/77] Fix tulip breakage, Michael Roth, 2020/09/03
- [PATCH 17/77] es1370: check total frame count against current frame, Michael Roth, 2020/09/03
- [PATCH 19/77] iotests/283: Use consistent size for source and target, Michael Roth, 2020/09/03
- [PATCH 20/77] virtiofsd: add --rlimit-nofile=NUM option, Michael Roth, 2020/09/03
- [PATCH 01/77] hostmem: don't use mbind() if host-nodes is empty, Michael Roth, 2020/09/03
- [PATCH 21/77] virtiofsd: stay below fs.file-max sysctl value (CVE-2020-10717), Michael Roth, 2020/09/03
- [PATCH 23/77] KVM: x86: believe what KVM says about WAITPKG, Michael Roth, 2020/09/03
- [PATCH 22/77] net: use peer when purging queue in qemu_flush_or_purge_queue_packets(),
Michael Roth <=
- [PATCH 24/77] aio-posix: don't duplicate fd handler deletion in fdmon_io_uring_destroy(), Michael Roth, 2020/09/03
- [PATCH 25/77] aio-posix: disable fdmon-io_uring when GSource is used, Michael Roth, 2020/09/03
- [PATCH 26/77] linux-user/strace.list: fix epoll_create{, 1} -strace output, Michael Roth, 2020/09/03
- [PATCH 28/77] libqos: pci-pc: use 32-bit write for EJ register, Michael Roth, 2020/09/03
- [PATCH 27/77] libqos: usb-hcd-ehci: use 32-bit write for config register, Michael Roth, 2020/09/03
- [PATCH 29/77] memory: Revert "memory: accept mismatching sizes in memory_region_access_valid", Michael Roth, 2020/09/03
- [PATCH 02/77] target/arm: Clear tail in gvec_fmul_idx_*, gvec_fmla_idx_*, Michael Roth, 2020/09/03
- [PATCH 32/77] acpi: accept byte and word access to core ACPI registers, Michael Roth, 2020/09/03
- [PATCH 31/77] xhci: fix valid.max_access_size to access address registers, Michael Roth, 2020/09/03
- [PATCH 34/77] hw/net/e1000e: Do not abort() on invalid PSRCTL register value, Michael Roth, 2020/09/03