From 3ffee3cd5fb29de2115bdcbde0a02f47ce69a24c Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Tue, 4 Jun 2013 14:47:26 +0200 Subject: vmxnet3: fix NICState cleanup Use qemu_del_nic() instead of qemu_del_net_client() to correctly free the entire NICState. Cc: qemu-stable@nongnu.org Reported-by: Paolo Bonzini Signed-off-by: Stefan Hajnoczi --- hw/net/vmxnet3.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c index 5f483e7f1e..4c575e55a7 100644 --- a/hw/net/vmxnet3.c +++ b/hw/net/vmxnet3.c @@ -1892,7 +1892,7 @@ static void vmxnet3_net_uninit(VMXNET3State *s) vmxnet_tx_pkt_reset(s->tx_pkt); vmxnet_tx_pkt_uninit(s->tx_pkt); vmxnet_rx_pkt_uninit(s->rx_pkt); - qemu_del_net_client(qemu_get_queue(s->nic)); + qemu_del_nic(s->nic); } static void vmxnet3_net_init(VMXNET3State *s) -- cgit v1.2.3 From c87826a878be05208c3906eb9d5e1f37cff5e98e Mon Sep 17 00:00:00 2001 From: Jason Wang Date: Tue, 4 Jun 2013 13:18:17 +0800 Subject: tap: fix NULL dereference when passing invalid parameters to tap This patch forbid the following invalid parameters to tap: 1) fd and vhostfds were specified but vhostfd were not specified 2) vhostfds were specified but fds were not specified 3) fds and vhostfd were specified For 1 and 2, net_init_tap_one() will still pass NULL as vhostfdname to monitor_handle_fd_param(), which may crash the qemu. Also remove the unnecessary has_fd check. Cc: Paolo Bonzini Cc: Stefan Hajnoczi Cc: Laszlo Ersek Cc: qemu-stable@nongnu.org Signed-off-by: Jason Wang Signed-off-by: Stefan Hajnoczi --- net/tap.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/net/tap.c b/net/tap.c index e0b7a2a5a0..39c1cda3e4 100644 --- a/net/tap.c +++ b/net/tap.c @@ -698,9 +698,10 @@ int net_init_tap(const NetClientOptions *opts, const char *name, if (tap->has_fd) { if (tap->has_ifname || tap->has_script || tap->has_downscript || tap->has_vnet_hdr || tap->has_helper || tap->has_queues || - tap->has_fds) { + tap->has_fds || tap->has_vhostfds) { error_report("ifname=, script=, downscript=, vnet_hdr=, " - "helper=, queues=, and fds= are invalid with fd="); + "helper=, queues=, fds=, and vhostfds= " + "are invalid with fd="); return -1; } @@ -725,9 +726,10 @@ int net_init_tap(const NetClientOptions *opts, const char *name, if (tap->has_ifname || tap->has_script || tap->has_downscript || tap->has_vnet_hdr || tap->has_helper || tap->has_queues || - tap->has_fd) { + tap->has_vhostfd) { error_report("ifname=, script=, downscript=, vnet_hdr=, " - "helper=, queues=, and fd= are invalid with fds="); + "helper=, queues=, and vhostfd= " + "are invalid with fds="); return -1; } @@ -765,9 +767,9 @@ int net_init_tap(const NetClientOptions *opts, const char *name, } } else if (tap->has_helper) { if (tap->has_ifname || tap->has_script || tap->has_downscript || - tap->has_vnet_hdr || tap->has_queues || tap->has_fds) { + tap->has_vnet_hdr || tap->has_queues || tap->has_vhostfds) { error_report("ifname=, script=, downscript=, and vnet_hdr= " - "queues=, and fds= are invalid with helper="); + "queues=, and vhostfds= are invalid with helper="); return -1; } @@ -785,6 +787,10 @@ int net_init_tap(const NetClientOptions *opts, const char *name, return -1; } } else { + if (tap->has_vhostfds) { + error_report("vhostfds= is invalid if fds= wasn't specified"); + return -1; + } script = tap->has_script ? tap->script : DEFAULT_NETWORK_SCRIPT; downscript = tap->has_downscript ? tap->downscript : DEFAULT_NETWORK_DOWN_SCRIPT; -- cgit v1.2.3