From: "Dr. David Alan Gilbert (git)" <dgilbert@redhat.com>
To: qemu-devel@nongnu.org, stefanha@redhat.com, mst@redhat.com,
	famz@redhat.com, amit@kernel.org
Subject: [Qemu-devel] [PATCH for 3.1 2/4] virtio: Check qemu_get_virtqueue_element returns
Date: Mon, 16 Jul 2018 18:37:41 +0100
Message-ID: <20180716173743.133393-3-dgilbert@redhat.com>
In-Reply-To: <20180716173743.133393-1-dgilbert@redhat.com>

From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>

Check calls to qemu_get_virtqueue_element for NULL and pass
up the chain.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
---
 hw/block/virtio-blk.c       | 4 ++++
 hw/char/virtio-serial-bus.c | 4 ++++
 hw/scsi/virtio-scsi.c       | 4 ++++
 3 files changed, 12 insertions(+)

diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
index 50b5c869e3..324c6b2b27 100644
--- a/hw/block/virtio-blk.c
+++ b/hw/block/virtio-blk.c
@@ -888,6 +888,10 @@ static int virtio_blk_load_device(VirtIODevice *vdev, QEMUFile *f,
         }
 
         req = qemu_get_virtqueue_element(vdev, f, sizeof(VirtIOBlockReq));
+        if (!req) {
+            error_report("%s: Bad vq element %u", __func__, vq_idx);
+            return -EINVAL;
+        }
         virtio_blk_init_request(s, virtio_get_queue(vdev, vq_idx), req);
         req->next = s->rq;
         s->rq = req;
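
Review bot: The new `return -EINVAL` in virtio_blk_load_device exits while any requests already chained onto `s->rq` before this point (via `req->next = s->rq; s->rq = req;`) are still linked. Please confirm that the failed-load path releases them, or free them here before returning, and note which in the commit message.
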
diff --git a/hw/char/virtio-serial-bus.c b/hw/char/virtio-serial-bus.c
index d2dd8ab502..e99dc9bf59 100644
--- a/hw/char/virtio-serial-bus.c
+++ b/hw/char/virtio-serial-bus.c
@@ -781,6 +781,10 @@ static int fetch_active_ports_list(QEMUFile *f,
 
             port->elem =
                 qemu_get_virtqueue_element(vdev, f, sizeof(VirtQueueElement));
+            if (!port->elem) {
+                error_report("%s: Bad vq element", __func__);
+                return -EINVAL;
+            }
 
             /*
              *  Port was throttled on source machine.  Let's
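
Review bot: The error_report added in fetch_active_ports_list prints only the function name, whereas the virtio-blk hunk includes `vq_idx`. The failing element belongs to a specific port (`port->elem`), so adding an identifier for that port to the message would make a rejected incoming migration stream much easier to diagnose.
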
diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
index 3aa99717e2..6301af76ad 100644
--- a/hw/scsi/virtio-scsi.c
+++ b/hw/scsi/virtio-scsi.c
@@ -207,6 +207,10 @@ static void *virtio_scsi_load_request(QEMUFile *f, SCSIRequest *sreq)
     assert(n < vs->conf.num_queues);
     req = qemu_get_virtqueue_element(vdev, f,
                                      sizeof(VirtIOSCSIReq) + vs->cdb_size);
+    if (!req) {
+        error_report("%s: Bad vq element", __func__);
+        return NULL;
+    }
     virtio_scsi_init_req(s, vs->cmd_vqs[n], req);
 
     if (virtio_scsi_parse_req(req, sizeof(VirtIOSCSICmdReq) + vs->cdb_size,
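
Review bot: The context line `assert(n < vs->conf.num_queues);` directly above the new check still aborts the process rather than failing the load. If `n` is read from the incoming migration stream, it should get the same treatment as the NULL check added here (report and `return NULL`), otherwise a bad stream can still bring QEMU down in virtio_scsi_load_request. Including `n` in the "Bad vq element" message would also match the virtio-blk hunk.
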
-- 
2.17.1
