On 22/11/24 06:03, Akihiko Odaki wrote:
> The specification says hash_report should be set to
> VIRTIO_NET_HASH_REPORT_NONE if VIRTIO_NET_F_HASH_REPORT is negotiated
> but not configured with VIRTIO_NET_CTRL_MQ_RSS_CONFIG. However,
> virtio_net_receive_rcu() instead wrote out the content of the extra_hdr
> variable, which is not uninitialized in such a case.
>
> Fix this by zeroing the extra_hdr.
>
> Fixes: e22f0603fb2f ("virtio-net: reference implementation of hash report")
> Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
> ---
> hw/net/virtio-net.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
> index b544d2e91a77..44ea72b50e0e 100644
> --- a/hw/net/virtio-net.c
> +++ b/hw/net/virtio-net.c
> @@ -1911,6 +1911,8 @@ static ssize_t virtio_net_receive_rcu(NetClientState *nc, const uint8_t *buf,
Alternatively:
- struct virtio_net_hdr_v1_hash extra_hdr;
+ struct virtio_net_hdr_v1_hash extra_hdr = { };
Regardless,
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
> size_t offset, i, guest_offset, j;
> ssize_t err;
>
> + memset(&extra_hdr, 0, sizeof(extra_hdr));
> +
> if (n->rss_data.enabled && n->rss_data.enabled_software_rss) {
> int index = virtio_net_process_rss(nc, buf, size, &extra_hdr);
> if (index >= 0) {
>