diff options
author | Shmulik Ladkani <shmulik.ladkani@ravellosystems.com> | 2015-10-15 13:54:30 +0300 |
---|---|---|
committer | Jason Wang <jasowang@redhat.com> | 2015-10-27 10:30:38 +0800 |
commit | eedeeeffd419ab149e0b0ad5fc4b7cf5e1db6274 (patch) | |
tree | 3214b3c8d13808a77f5b68438df25a6120e27e22 | |
parent | d3e0c032f52f4fb855f9bd2892ebd175a9d975a1 (diff) | |
download | qemu-eedeeeffd419ab149e0b0ad5fc4b7cf5e1db6274.zip qemu-eedeeeffd419ab149e0b0ad5fc4b7cf5e1db6274.tar.gz qemu-eedeeeffd419ab149e0b0ad5fc4b7cf5e1db6274.tar.bz2 |
vmxnet3: Do not fill stats if device is inactive
Guest OS may issue VMXNET3_CMD_GET_STATS even before device was
activated (for example in linux, after insmod but prior net-dev open).
Accessing shared descriptors prior device activation is illegal as the
VMXNET3State structures have not been fully initialized.
As a result, guest memory gets corrupted and may lead to guest OS
crashes.
Fix, by not filling the stats descriptors if device is inactive.
Reported-by: Leonid Shatz <leonid.shatz@ravellosystems.com>
Acked-by: Dmitry Fleytman <dmitry@daynix.com>
Signed-off-by: Dana Rubin <dana.rubin@ravellosystems.com>
Signed-off-by: Shmulik Ladkani <shmulik.ladkani@ravellosystems.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
-rw-r--r-- | hw/net/vmxnet3.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c index 3c5e10d..5e3a233 100644 --- a/hw/net/vmxnet3.c +++ b/hw/net/vmxnet3.c @@ -1289,6 +1289,10 @@ static uint32_t vmxnet3_get_interrupt_config(VMXNET3State *s) static void vmxnet3_fill_stats(VMXNET3State *s) { int i; + + if (!s->device_active) + return; + for (i = 0; i < s->txq_num; i++) { cpu_physical_memory_write(s->txq_descr[i].tx_stats_pa, &s->txq_descr[i].txq_stats, |