qemu-e2k/net
Ani Sinha a0d7215e33 vhost-vdpa: do not cleanup the vdpa/vhost-net structures if peer nic is present
When a peer nic is still attached to the vdpa backend, it is too early to free
up the vhost-net and vdpa structures. If these structures are freed here, then
QEMU crashes when the guest is being shut down. The following call chain
would result in an assertion failure since the pointer returned from
vhost_vdpa_get_vhost_net() would be NULL:

do_vm_stop() -> vm_state_notify() -> virtio_set_status() ->
virtio_net_vhost_status() -> get_vhost_net().

Therefore, we defer freeing up the structures until guest shutdown
time when qemu_cleanup() calls net_cleanup() which then calls
qemu_del_net_client() which would eventually call vhost_vdpa_cleanup()
again to free up the structures. This time, the loop in net_cleanup()
ensures that vhost_vdpa_cleanup() will be called one last time when
all the peer nics are detached and freed.

All unit tests pass with this change.

CC: imammedo@redhat.com
CC: jusual@redhat.com
CC: mst@redhat.com
Fixes: CVE-2023-3301
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2128929
Signed-off-by: Ani Sinha <anisinha@redhat.com>
Message-Id: <20230619065209.442185-1-anisinha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-06-26 09:50:00 -04:00
can meson: Replace softmmu_ss -> system_ss 2023-06-20 10:01:30 +02:00
announce.c qapi net: Elide redundant has_FOO in generated C 2022-12-14 20:04:47 +01:00
checksum.c net/checksum: Remove unused variable in net_checksum_add_iov 2021-07-26 07:06:58 -10:00
clients.h qapi: net: add stream and dgram netdevs 2022-10-28 13:28:52 +08:00
colo-compare.c qapi: Use returned bool to check for failure (again) 2022-12-14 16:19:35 +01:00
colo-compare.h Add the function of colo_compare_cleanup 2021-06-11 10:30:13 +08:00
colo.c net/colo.c: Fix the pointer issue reported by Coverity. 2022-09-02 10:22:39 +08:00
colo.h net/colo.c: Fix the pointer issue reported by Coverity. 2022-09-02 10:22:39 +08:00
dgram.c win32: replace closesocket() with close() wrapper 2023-03-13 15:39:31 +04:00
dump.c net: Strip virtio-net header when dumping 2023-03-10 15:35:38 +08:00
eth.c igb: Strip the second VLAN tag for extended VLAN 2023-05-23 15:20:15 +08:00
filter-buffer.c
filter-mirror.c net/filter: Optimize filter_send to coroutine 2022-02-14 11:50:44 +08:00
filter-replay.c hw: Do not include qemu/log.h if it is not necessary 2021-05-02 17:24:50 +02:00
filter-rewriter.c net/colo: Fix a "double free" crash to clear the conn_list 2022-07-20 16:58:08 +08:00
filter.c
hub.c qapi net: Elide redundant has_FOO in generated C 2022-12-14 20:04:47 +01:00
hub.h
l2tpv3.c net: Increase L2TPv3 buffer to fit jumboframes 2023-02-17 13:31:33 +08:00
meson.build meson: Replace softmmu_ss -> system_ss 2023-06-20 10:01:30 +02:00
net-hmp-cmds.c net: Move hmp_info_network() to net-hmp-cmds.c 2023-02-04 07:56:54 +01:00
net.c net: Strip virtio-net header when dumping 2023-03-10 15:35:38 +08:00
netmap.c Do not include sysemu/sysemu.h if it's not really necessary 2021-05-02 17:24:50 +02:00
queue.c net: introduce qemu_receive_packet() 2021-03-15 16:41:22 +08:00
slirp.c slirp: open-code qemu_socket_(un)select() 2023-03-13 15:39:31 +04:00
socket.c win32: replace closesocket() with close() wrapper 2023-03-13 15:39:31 +04:00
stream.c net: stream: add a new option to automatically reconnect 2023-02-17 13:31:33 +08:00
tap-bsd.c Refactoring: refactor TFR() macro to RETRY_ON_EINTR() 2023-01-09 13:50:47 +01:00
tap-linux.c Refactoring: refactor TFR() macro to RETRY_ON_EINTR() 2023-01-09 13:50:47 +01:00
tap-linux.h net: Replace TAB indentations with spaces 2022-11-11 09:39:03 +01:00
tap-solaris.c Refactoring: refactor TFR() macro to RETRY_ON_EINTR() 2023-01-09 13:50:47 +01:00
tap-stub.c net: Added SetSteeringEBPF method for NetClientState. 2021-06-04 15:25:46 +08:00
tap-win32.c qapi net: Elide redundant has_FOO in generated C 2022-12-14 20:04:47 +01:00
tap.c net: Strip virtio-net header when dumping 2023-03-10 15:35:38 +08:00
tap_int.h net: Added SetSteeringEBPF method for NetClientState. 2021-06-04 15:25:46 +08:00
trace-events net/colo.c: Fix the pointer issue reported by Coverity. 2022-09-02 10:22:39 +08:00
trace.h
util.c
util.h Replace config-time define HOST_WORDS_BIGENDIAN 2022-04-06 10:50:37 +02:00
vde.c net: introduce qemu_set_info_str() function 2022-10-28 13:28:52 +08:00
vhost-user-stub.c
vhost-user.c vhost-user: Refactor the chr_closed_bh 2023-01-08 01:54:22 -05:00
vhost-vdpa-stub.c vhost-net-vdpa: add stubs for when no virtio-net device is present 2022-07-20 16:58:08 +08:00
vhost-vdpa.c vhost-vdpa: do not cleanup the vdpa/vhost-net structures if peer nic is present 2023-06-26 09:50:00 -04:00
vmnet-bridged.m cocoa: Fix warnings about invalid prototype declarations 2023-06-13 11:28:58 +02:00
vmnet-common.m vmnet: stop recieving events when VM is stopped 2023-02-17 13:31:33 +08:00
vmnet-host.c qapi net: Elide redundant has_FOO in generated C 2022-12-14 20:04:47 +01:00
vmnet-shared.c qapi net: Elide redundant has_FOO in generated C 2022-12-14 20:04:47 +01:00
vmnet_int.h vmnet: stop recieving events when VM is stopped 2023-02-17 13:31:33 +08:00