On 10/18/2015 03:16 PM, Dmitry Fleytman wrote:
> ACK
Hi Dmitry:
Thanks a lot for the reviewing.
As I want to add your "Acked-by" in the patch, could you pls add a
formal one in the future? (Which can make my life a little bit easier).
>> On 15 Oct 2015, at 13:54 PM, Dana Rubin <shmulik.ladk...@ravellosystems.com>
>> wrote:
>>
>> From: Shmulik Ladkani <shmulik.ladk...@ravellosystems.com>
>>
>> Guest OS may issue VMXNET3_CMD_GET_STATS even before device was
>> activated (for example in linux, after insmod but prior net-dev open).
>>
>> Accessing shared descriptors prior device activation is illegal as the
>> VMXNET3State structures have not been fully initialized.
>>
>> As a result, guest memory gets corrupted and may lead to guest OS
>> crashes.
>>
>> Fix, by not filling the stats descriptors if device is inactive.
>>
>> Reported-by: Leonid Shatz <leonid.sh...@ravellosystems.com>
>> Signed-off-by: Dana Rubin <dana.ru...@ravellosystems.com>
>> Signed-off-by: Shmulik Ladkani <shmulik.ladk...@ravellosystems.com>
>> ---
>> hw/net/vmxnet3.c | 4 ++++
>> 1 file changed, 4 insertions(+)
>>
>> diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
>> index 3c5e10d..5e3a233 100644
>> --- a/hw/net/vmxnet3.c
>> +++ b/hw/net/vmxnet3.c
>> @@ -1289,6 +1289,10 @@ static uint32_t
>> vmxnet3_get_interrupt_config(VMXNET3State *s)
>> static void vmxnet3_fill_stats(VMXNET3State *s)
>> {
>> int i;
>> +
>> + if (!s->device_active)
>> + return;
>> +
>> for (i = 0; i < s->txq_num; i++) {
>> cpu_physical_memory_write(s->txq_descr[i].tx_stats_pa,
>> &s->txq_descr[i].txq_stats,
>> --
>> 1.9.1
>>
>
