diff options
| author | Mike Frysinger <vapier@google.com> | 2015-10-12 23:34:32 -0400 |
|---|---|---|
| committer | Mike Frysinger <vapier@google.com> | 2015-10-12 23:34:32 -0400 |
| commit | 64b3189079aa6c10a0204880a58df53b36b9f36a (patch) | |
| tree | 7508f174756528dfe5ad3a359ef24ac3c2baf3f7 /app-emulation/qemu/files/qemu-2.4.0-CVE-2015-7295-3.patch | |
| parent | 5d6f128da92287fc0b2643d810ecd96f81ac3aa2 (diff) | |
| parent | fbc240f551b32a009511d34ac5c3fd7c15ef82b9 (diff) | |
| download | gentoo-64b3189079aa6c10a0204880a58df53b36b9f36a.tar.gz | |
Merge https://github.com/gentoo/gentoo.gitbrillo-m7-releasebrillo-m7-mr-devbrillo-m7-dev
Diffstat (limited to 'app-emulation/qemu/files/qemu-2.4.0-CVE-2015-7295-3.patch')
| -rw-r--r-- | app-emulation/qemu/files/qemu-2.4.0-CVE-2015-7295-3.patch | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/app-emulation/qemu/files/qemu-2.4.0-CVE-2015-7295-3.patch b/app-emulation/qemu/files/qemu-2.4.0-CVE-2015-7295-3.patch new file mode 100644 index 0000000000..96981e973c --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.4.0-CVE-2015-7295-3.patch @@ -0,0 +1,47 @@ +https://bugs.gentoo.org/560760 + +From 0cf33fb6b49a19de32859e2cdc6021334f448fb3 Mon Sep 17 00:00:00 2001 +From: Jason Wang <jasowang@redhat.com> +Date: Fri, 25 Sep 2015 13:21:30 +0800 +Subject: [PATCH 3/3] virtio-net: correctly drop truncated packets + +When packet is truncated during receiving, we drop the packets but +neither discard the descriptor nor add and signal used +descriptor. This will lead several issues: + +- sg mappings are leaked +- rx will be stalled if a lots of packets were truncated + +In order to be consistent with vhost, fix by discarding the descriptor +in this case. + +Cc: Michael S. Tsirkin <mst@redhat.com> +Signed-off-by: Jason Wang <jasowang@redhat.com> +Reviewed-by: Michael S. Tsirkin <mst@redhat.com> +Signed-off-by: Michael S. Tsirkin <mst@redhat.com> +--- + hw/net/virtio-net.c | 8 +------- + 1 file changed, 1 insertion(+), 7 deletions(-) + +diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c +index d388c55..a877614 100644 +--- a/hw/net/virtio-net.c ++++ b/hw/net/virtio-net.c +@@ -1094,13 +1094,7 @@ static ssize_t virtio_net_receive(NetClientState *nc, const uint8_t *buf, size_t + * must have consumed the complete packet. + * Otherwise, drop it. */ + if (!n->mergeable_rx_bufs && offset < size) { +-#if 0 +- error_report("virtio-net truncated non-mergeable packet: " +- "i %zd mergeable %d offset %zd, size %zd, " +- "guest hdr len %zd, host hdr len %zd", +- i, n->mergeable_rx_bufs, +- offset, size, n->guest_hdr_len, n->host_hdr_len); +-#endif ++ virtqueue_discard(q->rx_vq, &elem, total); + return size; + } + +-- +2.6.0.rc2.230.g3dd15c0 + |