From: Anthony Liguori <anthony@codemonkey.ws>
To: Amos Kong <akong@redhat.com>
Cc: "Michael S. Tsirkin" <mst@redhat.com>,
	qemu-devel@nongnu.org, kvm@vger.kernel.org
Subject: Re: [Qemu-devel] [PATCH 2/3] virtio: Strictly check queue_size when adding virtqueue
Date: Wed, 15 Jun 2011 18:31:47 -0500	[thread overview]
Message-ID: <4DF940E3.2020603@codemonkey.ws> (raw)
In-Reply-To: <20110615225359.GA2354@t400>

On 06/15/2011 05:53 PM, Amos Kong wrote:
> On Wed, Jun 15, 2011 at 11:36:02PM +0300, Michael S. Tsirkin wrote:
>> On Wed, Jun 15, 2011 at 10:25:33PM +0800, Amos Kong wrote:
>>> Qemu should abort when 'queue_size' is less than or equal to zero.
>>>
>>> Signed-off-by: Amos Kong <akong@redhat.com>
>>
>> BTW, these patches apply upstream so should be sent to qemu-devel.
>>
>>> ---
>>>   hw/virtio.c |    3 ++-
>>>   1 files changed, 2 insertions(+), 1 deletions(-)
>>>
>>> diff --git a/hw/virtio.c b/hw/virtio.c
>>> index a3d0eee..855fe54 100644
>>> --- a/hw/virtio.c
>>> +++ b/hw/virtio.c
>>> @@ -612,7 +612,8 @@ VirtQueue *virtio_add_queue(VirtIODevice *vdev, int queue_size,
>>>               break;
>>>       }
>>>
>>> -    if (i == VIRTIO_PCI_QUEUE_MAX || queue_size>  VIRTQUEUE_MAX_SIZE)
>>> +    if (i == VIRTIO_PCI_QUEUE_MAX || queue_size>  VIRTQUEUE_MAX_SIZE ||
>>> +        queue_size<= 0)
>>>           abort();
>>>
>>>       vdev->vq[i].vring.num = queue_size;
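Review bot: The added `queue_size <= 0` arm is only needed because `queue_size` is a signed `int`: a negative value passes the existing `queue_size > VIRTQUEUE_MAX_SIZE` test unchanged and is then stored into `vdev->vq[i].vring.num`. Making the parameter unsigned removes the negative case at the interface and leaves only a `queue_size == 0` test to write, which is simpler to reason about than a sign check on a count. Since both the old and the new condition end in `abort()`, the commit message should also state that no guest- or user-controlled path reaches this function, so the abort reads as an internal-consistency assertion rather than an error path.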
>>
>> These checks are just a debugging aid - there's no way
>> for the guest or user to trigger this.
>> I guess it does no harm, but what are we guarding against?
>> Why would anyone pass in a negative value?
>
> It seems all existing usages of this function are all right; guest/user could not trigger this right now.
> So we don't need to fix this kind of problem?

If it's not valid for queue_size to be negative, then the type ought to 
be unsigned.

Regards,

Anthony Liguori

>
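The point in the reply above, worked as an added C example that is not code from this thread or from QEMU: it assumes a VIRTQUEUE_MAX_SIZE of 1024 and a hypothetical `vring_stub` in place of the real vring, and shows why a signed `queue_size` needs the extra `<= 0` arm (a negative value slips past the upper-bound test and lands in the unsigned `num` field as a huge count), while an unsigned parameter needs only a zero check.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumed value for this example; QEMU defines its own VIRTQUEUE_MAX_SIZE. */
#define VIRTQUEUE_MAX_SIZE 1024

/* Hypothetical stand-in for the vring, whose `num` field is an unsigned count. */
struct vring_stub {
    unsigned int num;
};

/*
 * Signed parameter, as in the patched function. The upper-bound test alone
 * lets every negative value (and zero) through, so the patch adds the
 * `queue_size <= 0` arm (enabled here by `strict`). Returns true when the
 * size is accepted and stored; the patched code calls abort() instead.
 */
bool add_queue_signed(struct vring_stub *vq, int queue_size, bool strict)
{
    if (queue_size > VIRTQUEUE_MAX_SIZE) {
        return false;                       /* -1 > 1024 is false: not rejected */
    }
    if (strict && queue_size <= 0) {
        return false;                       /* the arm the patch adds */
    }
    vq->num = (unsigned int)queue_size;     /* -1 becomes UINT_MAX here */
    return true;
}

/*
 * Unsigned parameter, as the reply suggests. A caller's -1 is already
 * UINT_MAX on entry and fails the upper-bound test, so the only extra case
 * left to check is zero.
 */
bool add_queue_unsigned(struct vring_stub *vq, unsigned int queue_size)
{
    if (queue_size == 0 || queue_size > VIRTQUEUE_MAX_SIZE) {
        return false;
    }
    vq->num = queue_size;
    return true;
}

int main(void)
{
    struct vring_stub vq = { 0 };

    /* Original check: -1 is accepted and stored as a huge ring size. */
    if (add_queue_signed(&vq, -1, false)) {
        printf("signed, no strict check: accepted -1, vring.num = %u\n", vq.num);
    }
    /* Patched check: -1 and 0 are now rejected. */
    printf("signed, strict: -1 accepted? %d, 0 accepted? %d\n",
           add_queue_signed(&vq, -1, true), add_queue_signed(&vq, 0, true));
    /* Unsigned interface: the same values are rejected without a sign test. */
    printf("unsigned: UINT_MAX accepted? %d, 0 accepted? %d, 256 accepted? %d\n",
           add_queue_unsigned(&vq, (unsigned int)-1), add_queue_unsigned(&vq, 0),
           add_queue_unsigned(&vq, 256));
    return 0;
}
```

The unsigned variant is the shape the thread settles on: the range of the type expresses the precondition, so the check that remains (`== 0`) is about the value's meaning rather than about the representation.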

Thread overview: 13+ messages
2011-06-15 14:25 [PATCH 1/3] virtio: Correct error message of unavailable index Amos Kong
2011-06-15 14:25 ` [PATCH 2/3] virtio: Strictly check queue_size when adding virtqueue Amos Kong
2011-06-15 20:36   ` Michael S. Tsirkin
2011-06-15 22:53     ` Amos Kong
2011-06-15 22:53       ` [Qemu-devel] " Amos Kong
2011-06-15 23:31       ` Anthony Liguori [this message]
2011-06-15 23:31         ` Anthony Liguori
2011-06-16  2:10         ` [PATCH v2] virtio: Define queue_size to unsigned Amos Kong
2011-06-16  2:10           ` [Qemu-devel] " Amos Kong
2011-06-15 14:25 ` [PATCH 3/3] virtio: Define max_nr_ports " Amos Kong
2011-06-15 20:39   ` Michael S. Tsirkin
2011-06-15 20:30 ` [PATCH 1/3] virtio: Correct error message of unavailable index Michael S. Tsirkin
2011-06-16  1:59   ` Amos Kong