packages/qemu - qemu - OEPKGS Git Repository for openEuler 22.03 LTS SP4 Template

packages/qemu

Fork 0

Commit Graph

Author	SHA1	Message	Date
Chen Qun	4e6ee93c13	virtio: bugfix: clean up callback when del virtqueue We will access NULL pointer as follow: 1. Start a vm with multiqueue vhost-net 2. then we write VIRTIO_PCI_GUEST_FEATURES in PCI configuration to trigger multiqueue disable in this vm which will delete the virtqueue. In this step, the tx_bh is deleted but the callback virtio_net_handle_tx_bh still exist. 3. Finally, we write VIRTIO_PCI_QUEUE_NOTIFY in PCI configuration to notify the deleted virtqueue. In this way, virtio_net_handle_tx_bh will be called and qemu will be crashed. Signed-off-by: Jinhua Cao <caojinhua1@huawei.com>	2022-02-12 22:05:46 +08:00

Author

SHA1

Message

Date

Chen Qun

4e6ee93c13

virtio: bugfix: clean up callback when del virtqueue

We will access NULL pointer as follow:
1. Start a vm with multiqueue vhost-net
2. then we write VIRTIO_PCI_GUEST_FEATURES in PCI configuration to
   trigger multiqueue disable in this vm which will delete the virtqueue.
   In this step, the tx_bh is deleted but the callback virtio_net_handle_tx_bh
   still exist.
3. Finally, we write VIRTIO_PCI_QUEUE_NOTIFY in PCI configuration to
   notify the deleted virtqueue. In this way, virtio_net_handle_tx_bh
   will be called and qemu will be crashed.

Signed-off-by: Jinhua Cao <caojinhua1@huawei.com>

2022-02-12 22:05:46 +08:00

1 Commits