On Tue, 4 Dec 2018 at 03:54, Jason Wang <jasow...@redhat.com> wrote: > > Hi: > > This series tries to fix a possible OOB during queueing packets > through qemu_net_queue_append_iov(). This could happen when it tries > to queue a packet whose size is larger than INT_MAX which may lead > integer overflow. We've fixed similar issue in the past during > qemu_net_queue_deliver_iov() by ignoring large packets there. Let's > just move the check earlier to qemu_sendv_packet_async() and reduce > the limitation to NET_BUFSIZE. A simple qtest were also added this. > > Please review. > > Thanks > > Changes from V1: > - slient compiling warnings > Changes from V2: > - annotate pci_test_start() with GCC_FMT_ATTR() > - drop intermediate cmd string variable > Changes from V4: > - silent hub warning if qtest is enabled > - make qemu_deliver_packet_iov() static > - add one more test for packet size slightly greater than NET_BUFSIZE > - tweak the commit log and add more justification > - typo/whitespace fixes and other minor code style tweaks > > Jason Wang (5): > net: drop too large packet early > net: hub: suppress warnings of no host network for qtest > virtio-net-test: accept variable length argument in pci_test_start() > virtio-net-test: remove unused macro > virtio-net-test: add large tx buffer test
Applied, thanks. -- PMM
