From 1e01e2f96fd5e903394eab59365d5363394c8b18 Mon Sep 17 00:00:00 2001

From: Jon Maloy <jmaloy@redhat.com>

Date: Tue, 13 Apr 2021 18:59:12 -0400

Subject: [PATCH 3/5] net: forbid the reentrant RX

RH-Author: Jon Maloy <jmaloy@redhat.com>

Message-id: <20210413185912.3811035-2-jmaloy@redhat.com>

Patchwork-id: 101467

O-Subject: [RHEL-8.5.0 qemu-kvm PATCH 1/1] net: forbid the reentrant RX

Bugzilla: 1859175

RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>

RH-Acked-by: Thomas Huth <thuth@redhat.com>

RH-Acked-by: Xiao Wang <jasowang@redhat.com>

From: Jason Wang <jasowang@redhat.com>

The memory API allows DMA into NIC's MMIO area. This means the NIC's

RX routine must be reentrant. Instead of auditing all the NIC, we can

simply detect the reentrancy and return early. The queue->delivering

is set and cleared by qemu_net_queue_deliver() for other queue helpers

to know whether the delivering in on going (NIC's receive is being

called). We can check it and return early in qemu_net_queue_flush() to

forbid reentrant RX.

Signed-off-by: Jason Wang <jasowang@redhat.com>

(cherry picked from commit 22dc8663d9fc7baa22100544c600b6285a63c7a3)

Signed-off-by: Jon Maloy <jmaloy@redhat.com>

Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>

---

 net/queue.c | 3 +++

 1 file changed, 3 insertions(+)

diff --git a/net/queue.c b/net/queue.c

index 61276ca4be..c679d79f4b 100644

--- a/net/queue.c

+++ b/net/queue.c

@@ -250,6 +250,9 @@ void qemu_net_queue_purge(NetQueue *queue, NetClientState *from)

 bool qemu_net_queue_flush(NetQueue *queue)

 {

+    if (queue->delivering)

+        return false;

+

     while (!QTAILQ_EMPTY(&queue->packets)) {

         NetPacket *packet;

         int ret;

-- 

2.27.0