[v1] Net patches

[PULL 2/8] virtio-net: Ensure queue index fits with RSS

Posted by Jason Wang 3 months, 3 weeks ago

From: Akihiko Odaki <akihiko.odaki@daynix.com>

Ensure the queue index points to a valid queue when software RSS
enabled. The new calculation matches with the behavior of Linux's TAP
device with the RSS eBPF program.

Fixes: 4474e37a5b3a ("virtio-net: implement RX RSS processing")
Reported-by: Zhibin Hu <huzhibin5@huawei.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 hw/net/virtio-net.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 8f30972708..5635620a31 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -1905,7 +1905,8 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf,
     if (!no_rss && n->rss_data.enabled && n->rss_data.enabled_software_rss) {
         int index = virtio_net_process_rss(nc, buf, size, &extra_hdr);
         if (index >= 0) {
-            NetClientState *nc2 = qemu_get_subqueue(n->nic, index);
+            NetClientState *nc2 =
+                qemu_get_subqueue(n->nic, index % n->curr_queue_pairs);
             return virtio_net_receive_rcu(nc2, buf, size, true);
         }
     }
-- 
2.42.0

Re: [PULL 2/8] virtio-net: Ensure queue index fits with RSS

Posted by Daniel P. Berrangé 3 months, 2 weeks ago

On Fri, Aug 02, 2024 at 11:19:23AM +0800, Jason Wang wrote:
> From: Akihiko Odaki <akihiko.odaki@daynix.com>
> 
> Ensure the queue index points to a valid queue when software RSS
> enabled. The new calculation matches with the behavior of Linux's TAP
> device with the RSS eBPF program.
> 
> Fixes: 4474e37a5b3a ("virtio-net: implement RX RSS processing")
> Reported-by: Zhibin Hu <huzhibin5@huawei.com>
> Cc: qemu-stable@nongnu.org
> Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
> Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
> Signed-off-by: Jason Wang <jasowang@redhat.com>
> ---
>  hw/net/virtio-net.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)

FYI, this patch is the fix for CVE-2024-6505.

Please make sure to mention CVE assignments in the commit message
when one is available.

> 
> diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
> index 8f30972708..5635620a31 100644
> --- a/hw/net/virtio-net.c
> +++ b/hw/net/virtio-net.c
> @@ -1905,7 +1905,8 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf,
>      if (!no_rss && n->rss_data.enabled && n->rss_data.enabled_software_rss) {
>          int index = virtio_net_process_rss(nc, buf, size, &extra_hdr);
>          if (index >= 0) {
> -            NetClientState *nc2 = qemu_get_subqueue(n->nic, index);
> +            NetClientState *nc2 =
> +                qemu_get_subqueue(n->nic, index % n->curr_queue_pairs);
>              return virtio_net_receive_rcu(nc2, buf, size, true);
>          }
>      }

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|