diff options
| author | Jon Maloy <jmaloy@redhat.com> | 2021-10-21 12:10:47 -0400 |
|---|---|---|
| committer | Jason Wang <jasowang@redhat.com> | 2021-11-05 11:31:42 +0800 |
| commit | 25ddb946e6301f42cff3094ea1c25fb78813e7e9 (patch) | |
| tree | ebd531cf0f6edf64bd486504cf8991bd0af7ffc2 /docs/sphinx-static | |
| parent | 18e356a53a2926a15343b914db64324d63748f25 (diff) | |
| download | qemu-25ddb946e6301f42cff3094ea1c25fb78813e7e9.zip qemu-25ddb946e6301f42cff3094ea1c25fb78813e7e9.tar.gz qemu-25ddb946e6301f42cff3094ea1c25fb78813e7e9.tar.bz2 | |
e1000: fix tx re-entrancy problem
The fact that the MMIO handler is not re-entrant causes an infinite
loop under certain conditions:
Guest write to TDT -> Loopback -> RX (DMA to TDT) -> TX
We now eliminate the effect of this problem locally in e1000, by adding
a boolean in struct E1000State indicating when the TX side is busy. This
will cause any entering new call to return early instead of interfering
with the ongoing work, and eliminates any risk of looping.
This is intended to address CVE-2021-20257.
Signed-off-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Diffstat (limited to 'docs/sphinx-static')
0 files changed, 0 insertions, 0 deletions