packages/qemu - qemu - OEPKGS Git Repository for openEuler 24.03 LTS SP1 Template

packages/qemu

Fork 0

Commit Graph

Author	SHA1	Message	Date
Chen Qun	c86cebdfb5	virtio: bugfix: clean up callback when del virtqueue We will access NULL pointer as follow: 1. Start a vm with multiqueue vhost-net 2. then we write VIRTIO_PCI_GUEST_FEATURES in PCI configuration to trigger multiqueue disable in this vm which will delete the virtqueue. In this step, the tx_bh is deleted but the callback virtio_net_handle_tx_bh still exist. 3. Finally, we write VIRTIO_PCI_QUEUE_NOTIFY in PCI configuration to notify the deleted virtqueue. In this way, virtio_net_handle_tx_bh will be called and qemu will be crashed. Signed-off-by: Jinhua Cao <caojinhua1@huawei.com>	2022-03-19 14:42:32 +08:00

Author

SHA1

Message

Date

Chen Qun

c86cebdfb5

virtio: bugfix: clean up callback when del virtqueue

We will access NULL pointer as follow:
1. Start a vm with multiqueue vhost-net
2. then we write VIRTIO_PCI_GUEST_FEATURES in PCI configuration to
   trigger multiqueue disable in this vm which will delete the virtqueue.
   In this step, the tx_bh is deleted but the callback virtio_net_handle_tx_bh
   still exist.
3. Finally, we write VIRTIO_PCI_QUEUE_NOTIFY in PCI configuration to
   notify the deleted virtqueue. In this way, virtio_net_handle_tx_bh
   will be called and qemu will be crashed.

Signed-off-by: Jinhua Cao <caojinhua1@huawei.com>

2022-03-19 14:42:32 +08:00

1 Commits