From: Qiang Liu
Date: Wed, 23 Jun 2021 10:26:39 +0800
Subject: [PATCH qemu] hw/net/vmxnet3: Remove g_assert_not_reached() when VMXNET3_REG_ICR is written
To: Dmitry Fleytman, Jason Wang, qemu-devel@nongnu.org

From: cyruscyliu

A malicious guest user can write VMXNET3_REG_ICR to crash QEMU. This patch removes the g_assert_not_reached() there and makes the access pass.

Fixes: 786fd2b0f87 ("VMXNET3 device implementation")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/309
Buglink: https://bugs.launchpad.net/qemu/+bug/1913923
Signed-off-by: Qiang Liu
---
 hw/net/vmxnet3.c | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c index eff299f629..a388918479 100644 --- a/hw/net/vmxnet3.c +++ b/hw/net/vmxnet3.c 
@@ -1786,13 +1786,6 @@ vmxnet3_io_bar1_write(void *opaque, vmxnet3_set_variable_mac(s, val, s->temp_mac); break; - /* Interrupt Cause Register */ - case VMXNET3_REG_ICR: - VMW_CBPRN("Write BAR1 [VMXNET3_REG_ICR] =3D %" PRIx64 ", size %d", - val, size); - g_assert_not_reached(); - break; - /* Event Cause Register */ case VMXNET3_REG_ECR: VMW_CBPRN("Write BAR1 [VMXNET3_REG_ECR] =3D %" PRIx64 ", size %d", -- 2.30.2
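Review bot: removing the whole `case VMXNET3_REG_ICR:` block in vmxnet3_io_bar1_write() drops the VMW_CBPRN trace together with g_assert_not_reached(), so a guest write to this register is no longer traced and its handling now depends on the switch's default branch, which is not visible in this hunk. Consider keeping the case label and the trace, deleting only the `g_assert_not_reached();` line, and reporting the write with qemu_log_mask(LOG_GUEST_ERROR, ...) so the guest-triggerable condition stays observable without aborting the process. The commit message should also say what "make the access pass" means in practice, that is, whether the write is ignored or has any effect on device state.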