qemu-e2k/net
Ani Sinha a0d7215e33 vhost-vdpa: do not cleanup the vdpa/vhost-net structures if peer nic is present
When a peer nic is still attached to the vdpa backend, it is too early to free
up the vhost-net and vdpa structures. If these structures are freed here, then
QEMU crashes when the guest is being shut down. The following call chain
would result in an assertion failure since the pointer returned from
vhost_vdpa_get_vhost_net() would be NULL:

do_vm_stop() -> vm_state_notify() -> virtio_set_status() ->
virtio_net_vhost_status() -> get_vhost_net().

Therefore, we defer freeing up the structures until at guest shutdown
time when qemu_cleanup() calls net_cleanup() which then calls
qemu_del_net_client() which would eventually call vhost_vdpa_cleanup()
again to free up the structures. This time, the loop in net_cleanup()
ensures that vhost_vdpa_cleanup() will be called one last time when
all the peer nics are detached and freed.

All unit tests pass with this change.

CC: imammedo@redhat.com
CC: jusual@redhat.com
CC: mst@redhat.com
Fixes: CVE-2023-3301
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2128929
Signed-off-by: Ani Sinha <anisinha@redhat.com>
Message-Id: <20230619065209.442185-1-anisinha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-06-26 09:50:00 -04:00
..
can meson: Replace softmmu_ss -> system_ss 2023-06-20 10:01:30 +02:00
announce.c qapi net: Elide redundant has_FOO in generated C 2022-12-14 20:04:47 +01:00
checksum.c
clients.h
colo-compare.c qapi: Use returned bool to check for failure (again) 2022-12-14 16:19:35 +01:00
colo-compare.h
colo.c
colo.h
dgram.c win32: replace closesocket() with close() wrapper 2023-03-13 15:39:31 +04:00
dump.c net: Strip virtio-net header when dumping 2023-03-10 15:35:38 +08:00
eth.c igb: Strip the second VLAN tag for extended VLAN 2023-05-23 15:20:15 +08:00
filter-buffer.c
filter-mirror.c
filter-replay.c
filter-rewriter.c
filter.c
hub.c qapi net: Elide redundant has_FOO in generated C 2022-12-14 20:04:47 +01:00
hub.h
l2tpv3.c net: Increase L2TPv3 buffer to fit jumboframes 2023-02-17 13:31:33 +08:00
meson.build meson: Replace softmmu_ss -> system_ss 2023-06-20 10:01:30 +02:00
net-hmp-cmds.c net: Move hmp_info_network() to net-hmp-cmds.c 2023-02-04 07:56:54 +01:00
net.c net: Strip virtio-net header when dumping 2023-03-10 15:35:38 +08:00
netmap.c
queue.c
slirp.c slirp: open-code qemu_socket_(un)select() 2023-03-13 15:39:31 +04:00
socket.c win32: replace closesocket() with close() wrapper 2023-03-13 15:39:31 +04:00
stream.c net: stream: add a new option to automatically reconnect 2023-02-17 13:31:33 +08:00
tap_int.h
tap-bsd.c Refactoring: refactor TFR() macro to RETRY_ON_EINTR() 2023-01-09 13:50:47 +01:00
tap-linux.c Refactoring: refactor TFR() macro to RETRY_ON_EINTR() 2023-01-09 13:50:47 +01:00
tap-linux.h net: Replace TAB indentations with spaces 2022-11-11 09:39:03 +01:00
tap-solaris.c Refactoring: refactor TFR() macro to RETRY_ON_EINTR() 2023-01-09 13:50:47 +01:00
tap-stub.c
tap-win32.c qapi net: Elide redundant has_FOO in generated C 2022-12-14 20:04:47 +01:00
tap.c net: Strip virtio-net header when dumping 2023-03-10 15:35:38 +08:00
trace-events
trace.h
util.c
util.h
vde.c
vhost-user-stub.c
vhost-user.c vhost-user: Refactor the chr_closed_bh 2023-01-08 01:54:22 -05:00
vhost-vdpa-stub.c
vhost-vdpa.c vhost-vdpa: do not cleanup the vdpa/vhost-net structures if peer nic is present 2023-06-26 09:50:00 -04:00
vmnet_int.h vmnet: stop recieving events when VM is stopped 2023-02-17 13:31:33 +08:00
vmnet-bridged.m cocoa: Fix warnings about invalid prototype declarations 2023-06-13 11:28:58 +02:00
vmnet-common.m vmnet: stop recieving events when VM is stopped 2023-02-17 13:31:33 +08:00
vmnet-host.c qapi net: Elide redundant has_FOO in generated C 2022-12-14 20:04:47 +01:00
vmnet-shared.c qapi net: Elide redundant has_FOO in generated C 2022-12-14 20:04:47 +01:00