[V4,07/19] virtio-net: validate backend queue numbers against bus limitation

Message ID 1426671309-13645-8-git-send-email-jasowang@redhat.com
State New

Commit Message

Jason Wang March 18, 2015, 9:34 a.m. UTC
We don't validate the backend queue numbers against bus limitation,
this will easily crash qemu if it exceeds the limitation. Fixing this
by doing the validation and fail early.

Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 hw/net/virtio-net.c | 7 +++++++
 1 file changed, 7 insertions(+)

Comments

Michael S. Tsirkin March 18, 2015, 1:05 p.m. UTC | #1
On Wed, Mar 18, 2015 at 05:34:57PM +0800, Jason Wang wrote:
> We don't validate the backend queue numbers against bus limitation,
> this will easily crash qemu if it exceeds the limitation. Fixing this
> by doing the validation and fail early.
> 
> Cc: Michael S. Tsirkin <mst@redhat.com>
> Signed-off-by: Jason Wang <jasowang@redhat.com>

Bugfix? needed in 2.3?

> ---
>  hw/net/virtio-net.c | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
> index 27adcc5..59f76bc 100644
> --- a/hw/net/virtio-net.c
> +++ b/hw/net/virtio-net.c
> @@ -1588,6 +1588,13 @@ static void virtio_net_device_realize(DeviceState *dev, Error **errp)
>      virtio_init(vdev, "virtio-net", VIRTIO_ID_NET, n->config_size);
>  
>      n->max_queues = MAX(n->nic_conf.peers.queues, 1);
> +    if (n->max_queues * 2 + 1 > VIRTIO_PCI_QUEUE_MAX) {

We have this * 2 + 1 logic in several other places in this file too.
Pls wrap it up in a helper.

> +        error_setg(errp, "Invalid number of queues (= %" PRIu32 "), "
> +                   "must be a postive integer less than %d.",
> +                   n->max_queues, (VIRTIO_PCI_QUEUE_MAX - 1) / 2);
> +        virtio_cleanup(vdev);
> +        return;
> +    }
>      n->vqs = g_malloc0(sizeof(VirtIONetQueue) * n->max_queues);
>      n->vqs[0].rx_vq = virtio_add_queue(vdev, 256, virtio_net_handle_rx);
>      n->curr_queues = 1;
> -- 
> 2.1.0
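Review bot: The added check in virtio_net_device_realize() compares against VIRTIO_PCI_QUEUE_MAX, a constant named for one transport, although the code lives in hw/net/virtio-net.c and the commit message speaks of a "bus limitation" in general. If this device can be realized on a transport other than PCI, the bound should come from the bus the device actually sits on or from a transport-neutral constant; if the PCI value really is the limit everywhere, a short comment at the check saying so would keep later readers from assuming the validation is PCI-only.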
Jason Wang March 19, 2015, 5:26 a.m. UTC | #2
On Wed, Mar 18, 2015 at 9:05 PM, Michael S. Tsirkin <mst@redhat.com> wrote:
> On Wed, Mar 18, 2015 at 05:34:57PM +0800, Jason Wang wrote:
>>  We don't validate the backend queue numbers against bus limitation,
>>  this will easily crash qemu if it exceeds the limitation. Fixing 
>> this
>>  by doing the validation and fail early.
>>  
>>  Cc: Michael S. Tsirkin <mst@redhat.com>
>>  Signed-off-by: Jason Wang <jasowang@redhat.com>
> 
> Bugfix? needed in 2.3?

Yes, a bugfix only for hosts that support more than 8 tuntap queues. Not
sure it is necessary for 2.3.

> 
> 
>>  ---
>>   hw/net/virtio-net.c | 7 +++++++
>>   1 file changed, 7 insertions(+)
>>  
>>  diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
>>  index 27adcc5..59f76bc 100644
>>  --- a/hw/net/virtio-net.c
>>  +++ b/hw/net/virtio-net.c
>>  @@ -1588,6 +1588,13 @@ static void 
>> virtio_net_device_realize(DeviceState *dev, Error **errp)
>>       virtio_init(vdev, "virtio-net", VIRTIO_ID_NET, n->config_size);
>>   
>>       n->max_queues = MAX(n->nic_conf.peers.queues, 1);
>>  +    if (n->max_queues * 2 + 1 > VIRTIO_PCI_QUEUE_MAX) {
> 
> We have this * 2 + 1 logic in several other places in this file too.
> Pls wrap it up in a helper.

Ok.

> 
> 
>>  +        error_setg(errp, "Invalid number of queues (= %" PRIu32 
>> "), "
>>  +                   "must be a postive integer less than %d.",
>>  +                   n->max_queues, (VIRTIO_PCI_QUEUE_MAX - 1) / 2);
>>  +        virtio_cleanup(vdev);
>>  +        return;
>>  +    }
>>       n->vqs = g_malloc0(sizeof(VirtIONetQueue) * n->max_queues);
>>       n->vqs[0].rx_vq = virtio_add_queue(vdev, 256, 
>> virtio_net_handle_rx);
>>       n->curr_queues = 1;
>>  -- 
>>  2.1.0

Patch

diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 27adcc5..59f76bc 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -1588,6 +1588,13 @@  static void virtio_net_device_realize(DeviceState *dev, Error **errp)
     virtio_init(vdev, "virtio-net", VIRTIO_ID_NET, n->config_size);
 
     n->max_queues = MAX(n->nic_conf.peers.queues, 1);
+    if (n->max_queues * 2 + 1 > VIRTIO_PCI_QUEUE_MAX) {
+        error_setg(errp, "Invalid number of queues (= %" PRIu32 "), "
+                   "must be a postive integer less than %d.",
+                   n->max_queues, (VIRTIO_PCI_QUEUE_MAX - 1) / 2);
+        virtio_cleanup(vdev);
+        return;
+    }
     n->vqs = g_malloc0(sizeof(VirtIONetQueue) * n->max_queues);
     n->vqs[0].rx_vq = virtio_add_queue(vdev, 256, virtio_net_handle_rx);
     n->curr_queues = 1;
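
Review bot: The message passed to error_setg() is off by one relative to the check above it: the condition `n->max_queues * 2 + 1 > VIRTIO_PCI_QUEUE_MAX` accepts a max_queues equal to (VIRTIO_PCI_QUEUE_MAX - 1) / 2, yet the text tells the user the value must be "less than" that same number, so the largest valid setting is reported as invalid. Suggest wording such as "must be a positive integer no greater than %d", which also fixes the "postive" typo. Since the preceding line already clamps the value with MAX(..., 1), only the upper bound can trigger this path, so the message could state just that bound.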