diff --git a/hw/net/e1000.c b/hw/net/e1000.c index 1dc14663324a..a023ceb27cb1 100644 --- a/hw/net/e1000.c +++ b/hw/net/e1000.c @@ -1381,11 +1381,6 @@ static int e1000_pre_save(void *opaque) E1000State *s = opaque; NetClientState *nc = qemu_get_queue(s->nic); - /* If the mitigation timer is active, emulate a timeout now. */ - if (s->mit_timer_on) { - e1000_mit_timer(s); - } - /* * If link is down and auto-negotiation is supported and ongoing, * complete auto-negotiation immediately. This allows us to look @@ -1423,7 +1418,8 @@ static int e1000_post_load(void *opaque, int version_id) s->mit_irq_level = false; } s->mit_ide = 0; - s->mit_timer_on = false; + s->mit_timer_on = true; + timer_mod(s->mit_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) + 1); /* nc.link_down can't be migrated, so infer link_down according * to link status bit in mac_reg[STATUS]. diff --git a/net/colo-compare.c b/net/colo-compare.c index 909dd6c6eb5e..7489840bde20 100644 --- a/net/colo-compare.c +++ b/net/colo-compare.c @@ -127,6 +127,17 @@ static int compare_chr_send(CompareState *s, uint32_t vnet_hdr_len, bool notify_remote_frame); +static bool packet_matches_str(const char *str, + const uint8_t *buf, + uint32_t packet_len) +{ + if (packet_len != strlen(str)) { + return false; + } + + return !memcmp(str, buf, strlen(str)); +} + static void notify_remote_frame(CompareState *s) { char msg[] = "DO_CHECKPOINT"; 
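Review bot: The unconditional `s->mit_timer_on = true;` and `timer_mod(...)` pair added to e1000_post_load carries no comment, while the comment that explained the old behaviour was deleted from e1000_pre_save in the hunk before it. From these two lines a reader cannot tell that the 1 ns timer is meant to replay the mitigation timeout on the destination, or why it is armed regardless of the timer state that was migrated. I would add above them `/* Emulate a mitigation timeout right after load so the interrupt state is re-evaluated here instead of in pre_save. */`, with the wording confirmed by the author since the body of e1000_mit_timer is not in the diff. Both functions start and end outside their hunks.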
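Review bot: packet_matches_str() has no comment saying that `buf` is a length-delimited packet and not a C string, which is the reason the helper exists. I would add `/* buf is not NUL-terminated: match only when the packet is exactly the bytes of str. */` above it and take the length once with `size_t len = strlen(str);` instead of calling strlen() twice. The exact-length rule also means a peer that sends the terminating NUL as part of the payload no longer matches and would land in the "unsupported instruction" branch added at -1008. Whether any sender does that is not visible here, so it is worth confirming.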
@@ -1008,21 +1019,23 @@ static void compare_notify_rs_finalize(SocketReadState *notify_rs) { CompareState *s = container_of(notify_rs, CompareState, notify_rs); - /* Get Xen colo-frame's notify and handle the message */ - char *data = g_memdup(notify_rs->buf, notify_rs->packet_len); - char msg[] = "COLO_COMPARE_GET_XEN_INIT"; + const char msg[] = "COLO_COMPARE_GET_XEN_INIT"; int ret; - if (!strcmp(data, "COLO_USERSPACE_PROXY_INIT")) { + if (packet_matches_str("COLO_USERSPACE_PROXY_INIT", + notify_rs->buf, + notify_rs->packet_len)) { ret = compare_chr_send(s, (uint8_t *)msg, strlen(msg), 0, true); if (ret < 0) { error_report("Notify Xen COLO-frame INIT failed"); } - } - - if (!strcmp(data, "COLO_CHECKPOINT")) { + } else if (packet_matches_str("COLO_CHECKPOINT", + notify_rs->buf, + notify_rs->packet_len)) { /* colo-compare do checkpoint, flush pri packet and remove sec packet */ g_queue_foreach(&s->conn_list, colo_flush_packets, s); + } else { + error_report("COLO compare got unsupported instruction"); } } diff --git a/net/tap.c b/net/tap.c index e8aadd8d4b30..fc38029f4144 100644 --- a/net/tap.c +++ b/net/tap.c @@ -498,9 +498,9 @@ static int net_bridge_run_helper(const char *helper, const char *bridge, } if (pid == 0) { int open_max = sysconf(_SC_OPEN_MAX), i; - char fd_buf[6+10]; - char br_buf[6+IFNAMSIZ] = {0}; - char helper_cmd[PATH_MAX + sizeof(fd_buf) + sizeof(br_buf) + 15]; + char *fd_buf = NULL; + char *br_buf = NULL; + char *helper_cmd = NULL; for (i = 3; i < open_max; i++) { if (i != sv[1]) { 
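Review bot: The cast `(uint8_t *)msg` in the compare_chr_send() call discards the `const` that this hunk adds to `msg`. The buffer parameter's type is not visible in the diff; if it is not const-qualified, either keep `msg` as a plain `char msg[]` or change the parameter to `const uint8_t *` and cast with `(const uint8_t *)msg`, because writing through a pointer to a const object is undefined behaviour. The new `else` branch would also be easier to triage if the message included `notify_rs->packet_len`.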
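Review bot: The three buffers declared here become heap allocations made inside the `if (pid == 0)` branch, presumably the fork child, before execv(); the g_strdup_printf() calls themselves are in the next hunk at -508. If the parent has more than one thread at that point, which the diff does not show, only async-signal-safe functions are guaranteed to work in the child, and the allocator is not among them. Building `fd_buf`, `br_buf` and `helper_cmd` before the fork and freeing them in the parent would keep the child down to close() and execv(), and would make the g_free() calls before `_exit(1)` unnecessary. net_bridge_run_helper starts before and continues past this hunk.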
@@ -508,17 +508,17 @@ static int net_bridge_run_helper(const char *helper, const char *bridge, } } - snprintf(fd_buf, sizeof(fd_buf), "%s%d", "--fd=", sv[1]); + fd_buf = g_strdup_printf("%s%d", "--fd=", sv[1]); if (strrchr(helper, ' ') || strrchr(helper, '\t')) { /* assume helper is a command */ if (strstr(helper, "--br=") == NULL) { - snprintf(br_buf, sizeof(br_buf), "%s%s", "--br=", bridge); + br_buf = g_strdup_printf("%s%s", "--br=", bridge); } - snprintf(helper_cmd, sizeof(helper_cmd), "%s %s %s %s", - helper, "--use-vnet", fd_buf, br_buf); + helper_cmd = g_strdup_printf("%s %s %s %s", helper, + "--use-vnet", fd_buf, br_buf ? br_buf : ""); parg = args; *parg++ = (char *)"sh"; @@ -527,10 +527,11 @@ static int net_bridge_run_helper(const char *helper, const char *bridge, *parg++ = NULL; execv("/bin/sh", args); + g_free(helper_cmd); } else { /* assume helper is just the executable path name */ - snprintf(br_buf, sizeof(br_buf), "%s%s", "--br=", bridge); + br_buf = g_strdup_printf("%s%s", "--br=", bridge); parg = args; *parg++ = (char *)helper; @@ -541,6 +542,8 @@ static int net_bridge_run_helper(const char *helper, const char *bridge, execv(helper, args); } + g_free(fd_buf); + g_free(br_buf); _exit(1); } else { diff --git a/qemu-bridge-helper.c b/qemu-bridge-helper.c index 95624bc30055..3d50ec094c79 100644 --- a/qemu-bridge-helper.c +++ b/qemu-bridge-helper.c @@ -102,9 +102,7 @@ static int parse_acl_file(const char *filename, ACLList *acl_list) if (arg == NULL) { fprintf(stderr, "Invalid config line:\n %s\n", line); - fclose(f); - errno = EINVAL; - return -1; + goto err; } *arg = 0; @@ -119,6 +117,11 @@ static int parse_acl_file(const char *filename, ACLList *acl_list) } *argend = 0; + if (!g_str_equal(cmd, "include") && strlen(arg) >= IFNAMSIZ) { + fprintf(stderr, "name `%s' too long: %zu\n", arg, strlen(arg)); + goto err; + } + if (strcmp(cmd, "deny") == 0) { acl_rule = g_malloc(sizeof(*acl_rule)); if (strcmp(arg, "all") == 0) { 
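Review bot: `bridge` is formatted unquoted into `helper_cmd`, which the following hunk appears to hand to `/bin/sh`, and with the fixed-size `br_buf` gone nothing in this function bounds its length any more. The old snprintf() truncated the name to the buffer size as a side effect; the new code passes it through whole, so any shell metacharacters in the name reach the shell intact. I would reject `strlen(bridge) >= IFNAMSIZ` at the top of net_bridge_run_helper, mirroring the check this same diff adds to main() in qemu-bridge-helper.c, and build the option from `g_shell_quote(bridge)` in the command-string branch. The function body starts and ends outside this hunk, so an earlier validation of `bridge` cannot be ruled out from here.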
@@ -142,15 +145,18 @@ static int parse_acl_file(const char *filename, ACLList *acl_list) parse_acl_file(arg, acl_list); } else { fprintf(stderr, "Unknown command `%s'\n", cmd); - fclose(f); - errno = EINVAL; - return -1; + goto err; } } fclose(f); - return 0; + +err: + fclose(f); + errno = EINVAL; + return -1; + } static bool has_vnet_hdr(int fd) @@ -269,6 +275,10 @@ int main(int argc, char **argv) usage(); return EXIT_FAILURE; } + if (strlen(bridge) >= IFNAMSIZ) { + fprintf(stderr, "name `%s' too long: %zu\n", bridge, strlen(bridge)); + return EXIT_FAILURE; + } /* parse default acl file */ QSIMPLEQ_INIT(&acl_list);
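Review bot: The recursive `parse_acl_file(arg, acl_list);` call in the `include` branch still ignores its return value, so every `goto err` this commit introduces, including the over-long-name check at -119, is silently dropped when the bad line sits in an included file. Rules read before the failing line stay in `acl_list` and the rest of that file is skipped, which could leave a later `deny` rule unapplied; how main() reacts is outside the hunk, so treat that as a risk to confirm. I would propagate the failure with `if (parse_acl_file(arg, acl_list) < 0) { goto err; }`. Note that `err:` then replaces whatever errno the nested call set with EINVAL.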