Date: Wed, 18 Mar 2015 12:42:46 +0100
From: "Michael S. Tsirkin"
Message-ID: <1426678962-27545-1-git-send-email-mst@redhat.com>
Subject: [Qemu-devel] [PATCH] virtio: move sanity checks to ifdef DEBUG
To: qemu-devel@nongnu.org
Cc: Rusty Russell

All that happens when virtqueue_fill is invoked incorrectly is that we
corrupt guest memory, so this check is not a security measure.
Move the check to ifdef DEBUG to make sure we don't introduce new crashes
close to release.
Array scans aren't free either, so it's a good idea from a performance point
of view, too.

Cc: Rusty Russell
Signed-off-by: Michael S. Tsirkin
---
 hw/virtio/virtio.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
index 27429c2..37fb2ee 100644
--- a/hw/virtio/virtio.c
+++ b/hw/virtio/virtio.c
@@ -243,15 +243,22 @@ int virtio_queue_empty(VirtQueue *vq) void virtqueue_fill(VirtQueue *vq, const VirtQueueElement *elem, unsigned int len_written, unsigned int idx) { - unsigned int offset, tot_wlen; + unsigned int offset; int i; trace_virtqueue_fill(vq, elem, len_written, idx); - for (tot_wlen = i = 0; i < elem->in_num; i++) { - tot_wlen += elem->in_sg[i].iov_len; +#ifdef DEBUG_VIRTIO + { + /* Check that len_written is <= the writable length. */ + unsigned int tot_wlen; + + for (tot_wlen = i = 0; i < elem->in_num; i++) { + tot_wlen += elem->in_sg[i].iov_len; + } + assert(len_written <= tot_wlen); } - assert(len_written <= tot_wlen); +#endif offset = 0; for (i = 0; i < elem->in_num; i++) { -- MST
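Review bot: the assert(len_written <= tot_wlen) is the only guard between a caller passing an oversized len_written and the copy loop that follows the hunk (offset = 0; for (i = 0; i < elem->in_num; i++) ...), and after this change it disappears entirely from builds without DEBUG_VIRTIO, so a device-model bug that previously aborted QEMU now corrupts guest memory silently. Since the commit message accepts that trade-off, please add a comment above virtqueue_fill stating the caller's obligation (len_written must not exceed the total length of elem->in_sg), and consider keeping a cheap non-fatal check in release builds, e.g. clamping len_written to the writable length with a single log line, rather than no check at all. Minor style point: the debug block declares its own tot_wlen but still borrows the outer int i; declaring i inside the block as well would make the DEBUG_VIRTIO-only code fully self-contained.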