| commit | d8c85757e795ea753bd0625eb344c8220e7a048e | |
| author | Imre Vadász <imre@vdsz.com> | |
| Mon, 20 Mar 2017 19:16:50 +0000 (20 20:16 +0100) | ||
| committer | Imre Vadász <imre@vdsz.com> | |
| Thu, 23 Mar 2017 21:35:41 +0000 (23 22:35 +0100) | ||
| tree | 8933cab107068a873d6e62310daa7bfe54461cf4 | treesnapshot (tar.gz zip) |
| parent | 8621f4070e7cb342161183c980ae7fce2fd8124e | commitdiff |
if_vtnet - Allocate struct vtnet_tx_header entries from a queue.
* The existing code was sequentially allocating from an array of
struct vtnet_tx_header, using an appropriately sized area.
But this scheme turns out to be a very bad idea when we get out-of-order
completions in the virtqueue.
* Instead allocate struct vtnet_tx_header entries from an SLIST.
* This should avoid crashes from memory-corruption or use-after-free in
if_vtnet(9), when running in KVM on Linux, using Linux's vhost-net
in-kernel virtqueue accelerator.
* The existing code was sequentially allocating from an array of
struct vtnet_tx_header, using an appropriately sized area.
But this scheme turns out to be a very bad idea when we get out-of-order
completions in the virtqueue.
* Instead allocate struct vtnet_tx_header entries from an SLIST.
* This should avoid crashes from memory-corruption or use-after-free in
if_vtnet(9), when running in KVM on Linux, using Linux's vhost-net
in-kernel virtqueue accelerator.
| sys/dev/virtual/virtio/net/if_vtnet.c | diffblobblamehistory | |
| sys/dev/virtual/virtio/net/if_vtnetvar.h | diffblobblamehistory |