[PULL,2/8] virtio-net: Ensure queue index fits with RSS

Message ID 20240802031929.44060-3-jasowang@redhat.com
State New
Series [PULL,1/8] rtl8139: Fix behaviour for old kernels.

Commit Message

Jason Wang Aug. 2, 2024, 3:19 a.m. UTC
From: Akihiko Odaki <akihiko.odaki@daynix.com>

Ensure the queue index points to a valid queue when software RSS is
enabled. The new calculation matches with the behavior of Linux's TAP
device with the RSS eBPF program.

Fixes: 4474e37a5b3a ("virtio-net: implement RX RSS processing")
Reported-by: Zhibin Hu <huzhibin5@huawei.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 hw/net/virtio-net.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Daniel P. Berrangé Aug. 6, 2024, 1:30 p.m. UTC | #1
On Fri, Aug 02, 2024 at 11:19:23AM +0800, Jason Wang wrote:
> From: Akihiko Odaki <akihiko.odaki@daynix.com>
> 
> Ensure the queue index points to a valid queue when software RSS is
> enabled. The new calculation matches with the behavior of Linux's TAP
> device with the RSS eBPF program.
> 
> Fixes: 4474e37a5b3a ("virtio-net: implement RX RSS processing")
> Reported-by: Zhibin Hu <huzhibin5@huawei.com>
> Cc: qemu-stable@nongnu.org
> Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
> Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
> Signed-off-by: Jason Wang <jasowang@redhat.com>
> ---
>  hw/net/virtio-net.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)

FYI, this patch is the fix for CVE-2024-6505.

Please make sure to mention CVE assignments in the commit message
when one is available.

> 
> diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
> index 8f30972708..5635620a31 100644
> --- a/hw/net/virtio-net.c
> +++ b/hw/net/virtio-net.c
> @@ -1905,7 +1905,8 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf,
>      if (!no_rss && n->rss_data.enabled && n->rss_data.enabled_software_rss) {
>          int index = virtio_net_process_rss(nc, buf, size, &extra_hdr);
>          if (index >= 0) {
> -            NetClientState *nc2 = qemu_get_subqueue(n->nic, index);
> +            NetClientState *nc2 =
> +                qemu_get_subqueue(n->nic, index % n->curr_queue_pairs);
>              return virtio_net_receive_rcu(nc2, buf, size, true);
>          }
>      }
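
Review bot: the added `index % n->curr_queue_pairs` carries no comment saying why an out-of-range RSS result is wrapped onto an existing queue rather than rejected. The commit message gives the reason (it matches Linux's TAP device with the RSS eBPF program); a one-line comment above the `qemu_get_subqueue()` call would keep that rationale next to the code, so a later cleanup does not drop the modulo as redundant.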

With regards,
Daniel

Patch

diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 8f30972708..5635620a31 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -1905,7 +1905,8 @@  static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf,
     if (!no_rss && n->rss_data.enabled && n->rss_data.enabled_software_rss) {
         int index = virtio_net_process_rss(nc, buf, size, &extra_hdr);
         if (index >= 0) {
-            NetClientState *nc2 = qemu_get_subqueue(n->nic, index);
+            NetClientState *nc2 =
+                qemu_get_subqueue(n->nic, index % n->curr_queue_pairs);
             return virtio_net_receive_rcu(nc2, buf, size, true);
         }
     }
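
Review bot: the divisor in the new `qemu_get_subqueue(n->nic, index % n->curr_queue_pairs)` call is used unchecked; the only guard visible in this hunk is `index >= 0`, which keeps the remainder non-negative but says nothing about `n->curr_queue_pairs`. If that field can never be zero on the receive path, an assertion or a short comment stating the invariant would make it explicit; if it can, the modulo needs a guard before it.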