From: "Michael S. Tsirkin" <mst@redhat.com>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: Anthony Liguori <aliguori@us.ibm.com>,
	KONRAD Frederic <fred.konrad@greensocs.com>,
	kvmarm@lists.cs.columbia.edu, qemu-devel@nongnu.org,
	patches@linaro.org
Subject: Re: [Qemu-devel] [PATCH 1/2] hw/virtio/virtio: Don't allow guests to add/remove queues
Date: Fri, 26 Jul 2013 02:27:31 +0300
Message-ID: <20130725232731.GA29184@redhat.com>
In-Reply-To: <CAFEAcA-aG8BhbfwD=KsrOOKEtjRgtH1U-2D2h+B+KJcbGzL_EQ@mail.gmail.com>

On Thu, Jul 25, 2013 at 11:37:22PM +0100, Peter Maydell wrote:
> On 25 July 2013 23:33, Michael S. Tsirkin <mst@redhat.com> wrote:
> > On Thu, Jul 25, 2013 at 02:37:42PM +0100, Peter Maydell wrote:
> >> A queue size of 0 is used to indicate a nonexistent queue, so
> >> don't allow the guest to flip a queue between zero-size and
> >> non-zero-size. Don't permit setting of negative queue sizes
> >> either.
> >>
> >> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> >> ---
> >>  hw/virtio/virtio.c |   10 +++++++---
> >>  1 file changed, 7 insertions(+), 3 deletions(-)
> >>
> >> diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
> >> index 09f62c6..d5b0502 100644
> >> --- a/hw/virtio/virtio.c
> >> +++ b/hw/virtio/virtio.c
> >> @@ -673,10 +673,14 @@ hwaddr virtio_queue_get_addr(VirtIODevice *vdev, int n)
> >>
> >>  void virtio_queue_set_num(VirtIODevice *vdev, int n, int num)
> >>  {
> >> -    if (num <= VIRTQUEUE_MAX_SIZE) {
> >> -        vdev->vq[n].vring.num = num;
> >> -        virtqueue_init(&vdev->vq[n]);
> >> +    if ((num == 0 && vdev->vq[n].vring.num != 0) ||
> >> +        (num != 0 && vdev->vq[n].vring.num == 0) ||
> >
> > Cleaner (imho)
> >
> >     !num != !vdev->vq[n].vring.num
> 
> I think that's more confusing, and you really don't want
> "guards so we don't let the guest do bad things" to be
> confusing to read.

Confusing to whom? That's really subjective.
You can use cast to bool or !! if you prefer.
     (bool)num != (bool)vdev->vq[n].vring.num

Point is, most other code in this file uses (x) and !(x)
and not != 0.
That's objective, so please, find a way to not test ==0/!= 0.

> >> +        (num < 0)) {
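
Review bot: the rejecting condition quoted here, ending at `(num < 0)) {`, has no upper-bound term, while the removed lines only accepted `num <= VIRTQUEUE_MAX_SIZE`; keep a `num > VIRTQUEUE_MAX_SIZE` test in the guard so an oversized value is refused along with the negative one. A short comment above the `if` recording that `vring.num == 0` marks a nonexistent queue would also make it clear why the two zero/non-zero flip cases are rejected.
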
> >
> > How does it ever get negative?
> 
> If the guest maliciously writes a value with bit 31 set
> to the register...
> 
> -- PMM

Make the argument unsigned then?

-- 
MST
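
The signed-versus-unsigned question raised in this thread, as an added example (not code from the patch or from QEMU): it runs constructed register values through the removed upper-bound-only check, a signed guard with the flip, negative and upper-bound tests, and an unsigned-argument variant. `QUEUE_MAX_SIZE`, the function names and the existing queue size of 256 are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define QUEUE_MAX_SIZE 1024 /* assumed stand-in for VIRTQUEUE_MAX_SIZE */

/* A 32-bit register value reinterpreted as the signed int parameter. */
static int reg_to_int(uint32_t reg)
{
    int32_t v;
    memcpy(&v, &reg, sizeof v);
    return v;
}

/* Check from the removed lines: upper bound only, on a signed value. */
static bool old_guard_accepts(int cur, int num)
{
    (void)cur;
    return num <= QUEUE_MAX_SIZE;
}

/* Signed guard: no flip between zero and non-zero, no negative, no oversize. */
static bool signed_guard_accepts(int cur, int num)
{
    return !(!num != !cur || num < 0 || num > QUEUE_MAX_SIZE);
}

/* Unsigned argument: bit 31 set is just a large value, caught by the bound. */
static bool unsigned_guard_accepts(uint32_t cur, uint32_t num)
{
    return !num == !cur && num <= QUEUE_MAX_SIZE;
}

int main(void)
{
    /* Constructed register writes against an existing queue of size 256. */
    const uint32_t regs[] = { 128, 0, 1025, 0x80000000u };
    for (size_t i = 0; i < sizeof regs / sizeof regs[0]; i++) {
        printf("reg=0x%08x old=%d signed=%d unsigned=%d\n", (unsigned)regs[i],
               old_guard_accepts(256, reg_to_int(regs[i])),
               signed_guard_accepts(256, reg_to_int(regs[i])),
               unsigned_guard_accepts(256, regs[i]));
    }
    return 0;
}
```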
