On 22/11/24 06:03, Akihiko Odaki wrote:
The specification says hash_report should be set to
VIRTIO_NET_HASH_REPORT_NONE if VIRTIO_NET_F_HASH_REPORT is negotiated
but not configured with VIRTIO_NET_CTRL_MQ_RSS_CONFIG. However,
virtio_net_receive_rcu() instead wrote out the content of the extra_hdr
variable, which is not uninitialized in such a case.

Fix this by zeroing the extra_hdr.

Fixes: e22f0603fb2f ("virtio-net: reference implementation of hash report")
Signed-off-by: Akihiko Odaki <akihiko.od...@daynix.com>
---
  hw/net/virtio-net.c | 2 ++
  1 file changed, 2 insertions(+)

diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index b544d2e91a77..44ea72b50e0e 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -1911,6 +1911,8 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, 
const uint8_t *buf,

Alternatively:

 -     struct virtio_net_hdr_v1_hash extra_hdr;
 +     struct virtio_net_hdr_v1_hash extra_hdr = { };

Regardless,
Reviewed-by: Philippe Mathieu-Daudé <phi...@linaro.org>

      size_t offset, i, guest_offset, j;
      ssize_t err;
+ memset(&extra_hdr, 0, sizeof(extra_hdr));
+
      if (n->rss_data.enabled && n->rss_data.enabled_software_rss) {
          int index = virtio_net_process_rss(nc, buf, size, &extra_hdr);
          if (index >= 0) {



Reply via email to