Message ID | 1470690267-31454-56-git-send-email-mdroth@linux.vnet.ibm.com |
---|---|
State | New |
Headers | show
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3s7WkT0rVjz9sCY for <incoming@patchwork.ozlabs.org>; Tue, 9 Aug 2016 08:08:01 +1000 (AEST) Received: from localhost ([::1]:60130 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>) id 1bWsiE-0007Wr-Ja for incoming@patchwork.ozlabs.org; Mon, 08 Aug 2016 18:07:58 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:42623) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from <mdroth@linux.vnet.ibm.com>) id 1bWrko-0004hq-6U for qemu-devel@nongnu.org; Mon, 08 Aug 2016 17:06:37 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <mdroth@linux.vnet.ibm.com>) id 1bWrkk-0006G6-TN for qemu-devel@nongnu.org; Mon, 08 Aug 2016 17:06:34 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:44798) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <mdroth@linux.vnet.ibm.com>) id 1bWrkk-0006Ff-Iw for qemu-devel@nongnu.org; Mon, 08 Aug 2016 17:06:30 -0400 Received: from pps.filterd (m0098396.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.11/8.16.0.11) with SMTP id u78KxjBx100086 for <qemu-devel@nongnu.org>; Mon, 8 Aug 2016 17:06:30 -0400 Received: from e36.co.us.ibm.com (e36.co.us.ibm.com [32.97.110.154]) by mx0a-001b2d01.pphosted.com with ESMTP id 24na7fuqwj-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for <qemu-devel@nongnu.org>; Mon, 08 Aug 2016 17:06:29 -0400 Received: from localhost by e36.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for <qemu-devel@nongnu.org> from <mdroth@linux.vnet.ibm.com>; Mon, 8 Aug 2016 15:06:29 -0600 Received: from d03dlp02.boulder.ibm.com (9.17.202.178) by e36.co.us.ibm.com (192.168.1.136) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Mon, 8 Aug 2016 15:06:27 -0600 X-IBM-Helo: d03dlp02.boulder.ibm.com X-IBM-MailFrom: mdroth@linux.vnet.ibm.com Received: from b01cxnp23033.gho.pok.ibm.com (b01cxnp23033.gho.pok.ibm.com [9.57.198.28]) by d03dlp02.boulder.ibm.com (Postfix) with ESMTP id 657BE3E40041; Mon, 8 Aug 2016 15:06:26 -0600 (MDT) Received: from b01ledav001.gho.pok.ibm.com (b01ledav001.gho.pok.ibm.com [9.57.199.106]) by b01cxnp23033.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id u78L6DE92621784; Mon, 8 Aug 2016 21:06:27 GMT Received: from b01ledav001.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id D7D962804A; Mon, 8 Aug 2016 17:06:25 -0400 (EDT) Received: from localhost (unknown [9.80.86.168]) by b01ledav001.gho.pok.ibm.com (Postfix) with ESMTP id 7EA272803A; Mon, 8 Aug 2016 17:06:25 -0400 (EDT) From: Michael Roth <mdroth@linux.vnet.ibm.com> To: qemu-devel@nongnu.org Date: Mon, 8 Aug 2016 16:04:26 -0500 X-Mailer: git-send-email 1.9.1 In-Reply-To: <1470690267-31454-1-git-send-email-mdroth@linux.vnet.ibm.com> References: <1470690267-31454-1-git-send-email-mdroth@linux.vnet.ibm.com> X-TM-AS-GCONF: 00 X-Content-Scanned: Fidelis XPS MAILER x-cbid: 16080821-0020-0000-0000-0000098247E0 X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00005568; HX=3.00000240; KW=3.00000007; PH=3.00000004; SC=3.00000178; SDB=6.00741898; UDB=6.00349152; IPR=6.00514457; BA=6.00004651; NDR=6.00000001; ZLA=6.00000005; ZF=6.00000009; ZB=6.00000000; ZP=6.00000000; ZH=6.00000000; ZU=6.00000002; MB=3.00012252; XFM=3.00000011; UTC=2016-08-08 21:06:28 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 16080821-0021-0000-0000-000054644FDD Message-Id: <1470690267-31454-56-git-send-email-mdroth@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2016-08-08_15:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=62 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1604210000 definitions=main-1608080226 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [generic] X-Received-From: 148.163.156.1 Subject: [Qemu-devel] [PATCH 55/56] virtio: error out if guest exceeds virtqueue size X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: <qemu-devel.nongnu.org> List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>, <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe> List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/> List-Post: <mailto:qemu-devel@nongnu.org> List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help> List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>, <mailto:qemu-devel-request@nongnu.org?subject=subscribe> Cc: qemu-stable@nongnu.org, Stefan Hajnoczi <stefanha@redhat.com> Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> |
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c index 90f86cf..8ed260a 100644 --- a/hw/virtio/virtio.c +++ b/hw/virtio/virtio.c @@ -561,6 +561,11 @@ void *virtqueue_pop(VirtQueue *vq, size_t sz) max = vq->vring.num; + if (vq->inuse >= vq->vring.num) { + error_report("Virtqueue size exceeded"); + exit(1); + } + i = head = virtqueue_get_head(vq, vq->last_avail_idx++); if (virtio_vdev_has_feature(vdev, VIRTIO_RING_F_EVENT_IDX)) { vring_set_avail_event(vq, vq->last_avail_idx);