[Qemu-devel] [PATCH V4 05/19] monitor: check return value of qemu_find_net_clients_except()

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: Jason Wang <jasowang@redhat.com>
To: qemu-devel@nongnu.org
Cc: cornelia.huck@de.ibm.com, Jason Wang <jasowang@redhat.com>,
	Luiz Capitulino <lcapitulino@redhat.com>,
	mst@redhat.com
Subject: [Qemu-devel] [PATCH V4 05/19] monitor: check return value of qemu_find_net_clients_except()
Date: Wed, 18 Mar 2015 17:34:55 +0800	[thread overview]
Message-ID: <1426671309-13645-6-git-send-email-jasowang@redhat.com> (raw)
In-Reply-To: <1426671309-13645-1-git-send-email-jasowang@redhat.com>

qemu_find_net_clients_except() may return a value which is greater
than the size of array we provided. So we should check this value
before using it, otherwise this may cause unexpected memory access.

This patch fixes the net related command completion when we have a
virtio-net nic with more than 255 queues.

Cc: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
---
 monitor.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/monitor.c b/monitor.c
index 07dfed0..3c0abfd 100644
--- a/monitor.c
+++ b/monitor.c
@@ -4480,7 +4480,7 @@ void set_link_completion(ReadLineState *rs, int nb_args, const char *str)
         count = qemu_find_net_clients_except(NULL, ncs,
                                              NET_CLIENT_OPTIONS_KIND_NONE,
                                              MAX_QUEUE_NUM);
-        for (i = 0; i < count; i++) {
+        for (i = 0; i < MIN(count, MAX_QUEUE_NUM); i++) {
             const char *name = ncs[i]->name;
             if (!strncmp(str, name, len)) {
                 readline_add_completion(rs, name);
@@ -4505,7 +4505,7 @@ void netdev_del_completion(ReadLineState *rs, int nb_args, const char *str)
     readline_set_completion_index(rs, len);
     count = qemu_find_net_clients_except(NULL, ncs, NET_CLIENT_OPTIONS_KIND_NIC,
                                          MAX_QUEUE_NUM);
-    for (i = 0; i < count; i++) {
+    for (i = 0; i < MIN(count, MAX_QUEUE_NUM); i++) {
         QemuOpts *opts;
         const char *name = ncs[i]->name;
         if (strncmp(str, name, len)) {
@@ -4579,7 +4579,7 @@ void host_net_remove_completion(ReadLineState *rs, int nb_args, const char *str)
         count = qemu_find_net_clients_except(NULL, ncs,
                                              NET_CLIENT_OPTIONS_KIND_NONE,
                                              MAX_QUEUE_NUM);
-        for (i = 0; i < count; i++) {
+        for (i = 0; i < MIN(count, MAX_QUEUE_NUM); i++) {
             int id;
             char name[16];
 
@@ -4596,7 +4596,7 @@ void host_net_remove_completion(ReadLineState *rs, int nb_args, const char *str)
         count = qemu_find_net_clients_except(NULL, ncs,
                                              NET_CLIENT_OPTIONS_KIND_NIC,
                                              MAX_QUEUE_NUM);
-        for (i = 0; i < count; i++) {
+        for (i = 0; i < MIN(count, MAX_QUEUE_NUM); i++) {
             int id;
             const char *name;
 
-- 
2.1.0

next prev parent reply	other threads:[~2015-03-18  9:35 UTC|newest]

Thread overview: 52+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-03-18  9:34 [Qemu-devel] [PATCH V4 00/19] Support more virtio queues Jason Wang
2015-03-18  9:34 ` [Qemu-devel] [PATCH V4 01/19] pc: add 2.4 machine types Jason Wang
2015-03-18  9:34 ` [Qemu-devel] [PATCH V4 02/19] spapr: add machine type specific instance init function Jason Wang
2015-03-18  9:34 ` [Qemu-devel] [PATCH V4 03/19] ppc: spapr: add 2.4 machine type Jason Wang
2015-03-18  9:34 ` [Qemu-devel] [PATCH V4 04/19] monitor: replace the magic number 255 with MAX_QUEUE_NUM Jason Wang
2015-03-18  9:34 ` Jason Wang [this message]
2015-03-18  9:34 ` [Qemu-devel] [PATCH V4 06/19] virtio-ccw: using VIRTIO_NO_VECTOR instead of 0 for invalid virtqueue Jason Wang
2015-03-18 13:08   ` Michael S. Tsirkin
2015-03-20  7:39     ` Cornelia Huck
2015-03-21 18:27       ` Michael S. Tsirkin
2015-03-23  9:02         ` Cornelia Huck
2015-03-18  9:34 ` [Qemu-devel] [PATCH V4 07/19] virtio-net: validate backend queue numbers against bus limitation Jason Wang
2015-03-18 13:05   ` Michael S. Tsirkin
2015-03-19  5:26     ` Jason Wang
2015-03-18  9:34 ` [Qemu-devel] [PATCH V4 08/19] virtio-net: fix the upper bound when trying to delete queues Jason Wang
2015-03-18 13:06   ` Michael S. Tsirkin
2015-03-19  5:28     ` Jason Wang
2015-03-18  9:34 ` [Qemu-devel] [PATCH V4 09/19] virito: introduce bus specific queue limit Jason Wang
2015-03-20 10:20   ` Cornelia Huck
2015-03-31  2:34     ` Jason Wang
2015-03-18  9:35 ` [Qemu-devel] [PATCH V4 10/19] virtio-ccw: introduce ccw " Jason Wang
2015-03-20 11:33   ` Cornelia Huck
2015-03-31  2:36     ` Jason Wang
2015-03-18  9:35 ` [Qemu-devel] [PATCH V4 11/19] virtio-s390: switch to bus " Jason Wang
2015-03-20 11:34   ` Cornelia Huck
2015-03-18  9:35 ` [Qemu-devel] [PATCH V4 12/19] virtio-mmio: " Jason Wang
2015-03-18  9:35 ` [Qemu-devel] [PATCH V4 13/19] virtio-pci: switch to use " Jason Wang
2015-03-18  9:35 ` [Qemu-devel] [PATCH V4 14/19] virtio: introduce vector to virtqueues mapping Jason Wang
2015-03-20 11:39   ` Cornelia Huck
2015-03-31  2:37     ` Jason Wang
2015-03-18  9:35 ` [Qemu-devel] [PATCH V4 15/19] virtio: introduce virtio_queue_get_index() Jason Wang
2015-03-18  9:35 ` [Qemu-devel] [PATCH V4 16/19] virtio-pci: speedup MSI-X masking and unmasking Jason Wang
2015-03-18  9:35 ` [Qemu-devel] [PATCH V4 17/19] virtio-pci: increase the maximum number of virtqueues to 513 Jason Wang
2015-03-18  9:35 ` [Qemu-devel] [PATCH V4 18/19] pci: remove hard-coded bar size in msix_init_exclusive_bar() Jason Wang
2015-03-18 12:52   ` Michael S. Tsirkin
2015-03-19  5:19     ` Jason Wang
2015-03-19 10:09       ` Michael S. Tsirkin
2015-03-20  5:43         ` Jason Wang
2015-03-18  9:35 ` [Qemu-devel] [PATCH V4 19/19] virtio-pci: introduce auto_msix_bar_size property Jason Wang
2015-03-18 12:57   ` Michael S. Tsirkin
2015-03-19  5:23     ` Jason Wang
2015-03-19 10:01       ` Michael S. Tsirkin
2015-03-20  5:35         ` Jason Wang
2015-03-19  5:23     ` Jason Wang
2015-03-19 10:02       ` Michael S. Tsirkin
2015-03-20  5:38         ` Jason Wang
2015-03-18 12:58 ` [Qemu-devel] [PATCH V4 00/19] Support more virtio queues Michael S. Tsirkin
2015-03-19  5:24   ` Jason Wang
2015-03-19  7:32     ` Michael S. Tsirkin
2015-03-19  7:42       ` Jason Wang
2015-03-19  9:23         ` Michael S. Tsirkin
2015-03-20  5:11           ` Jason Wang

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:07dfed0 dfblob:3c0abfd )
 OR (
bs:"[Qemu-devel] [PATCH V4 05/19] monitor: check return value of qemu_find_net_clients_except()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1426671309-13645-6-git-send-email-jasowang@redhat.com \
    --to=jasowang@redhat.com \
    --cc=cornelia.huck@de.ibm.com \
    --cc=lcapitulino@redhat.com \
    --cc=mst@redhat.com \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).