* [Qemu-devel] [PATCH v2] virtio-scsi: Fix num_queue input validation
From: Fam Zheng @ 2014-10-31 3:04 UTC
To: qemu-devel; +Cc: Paolo Bonzini, Max Reitz, stefanha, Michael S. Tsirkin

We need to count the ctrlq and eventq, and also cleanup before
returning. Besides, the format string should be unsigned.

The number could never be less than zero.

Signed-off-by: Fam Zheng <famz@redhat.com>
---
hw/scsi/virtio-scsi.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
index 7d40ecc..fdcacfd 100644
--- a/hw/scsi/virtio-scsi.c
+++ b/hw/scsi/virtio-scsi.c
@@ -804,10 +804,12 @@ void virtio_scsi_common_realize(DeviceState *dev, Error **errp,
virtio_init(vdev, "virtio-scsi", VIRTIO_ID_SCSI,
sizeof(VirtIOSCSIConfig));
- if (s->conf.num_queues <= 0 || s->conf.num_queues > VIRTIO_PCI_QUEUE_MAX) {
- error_setg(errp, "Invalid number of queues (= %" PRId32 "), "
+ if (s->conf.num_queues == 0 ||
+ s->conf.num_queues > VIRTIO_PCI_QUEUE_MAX - 2) {
+ error_setg(errp, "Invalid number of queues (= %" PRIu32 "), "
"must be a positive integer less than %d.",
- s->conf.num_queues, VIRTIO_PCI_QUEUE_MAX);
+ s->conf.num_queues, VIRTIO_PCI_QUEUE_MAX - 2);
+ virtio_cleanup(vdev);
return;
}
s->cmd_vqs = g_malloc0(s->conf.num_queues * sizeof(VirtQueue *));
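
Review bot: the message passed to the new error_setg() call says "must be a positive integer less than %d" and prints VIRTIO_PCI_QUEUE_MAX - 2, but the condition above it only rejects values greater than VIRTIO_PCI_QUEUE_MAX - 2, so a num_queues equal to that value is accepted while the text tells the user it is out of range. Either word the message as "no greater than %d" or print VIRTIO_PCI_QUEUE_MAX - 1, so the reported limit matches the one the check enforces.
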
--
1.9.3
* Re: [Qemu-devel] [PATCH v2] virtio-scsi: Fix num_queue input validation
From: Paolo Bonzini @ 2014-10-31 10:26 UTC
To: Fam Zheng, qemu-devel; +Cc: Max Reitz, stefanha, Michael S. Tsirkin
On 31/10/2014 04:04, Fam Zheng wrote:
> We need to count the ctrlq and eventq, and also cleanup before
> returning. Besides, the format string should be unsigned.
>
> The number could never be less than zero.
>
> Signed-off-by: Fam Zheng <famz@redhat.com>
> ---
> hw/scsi/virtio-scsi.c | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
> index 7d40ecc..fdcacfd 100644
> --- a/hw/scsi/virtio-scsi.c
> +++ b/hw/scsi/virtio-scsi.c
> @@ -804,10 +804,12 @@ void virtio_scsi_common_realize(DeviceState *dev, Error **errp,
> virtio_init(vdev, "virtio-scsi", VIRTIO_ID_SCSI,
> sizeof(VirtIOSCSIConfig));
>
> - if (s->conf.num_queues <= 0 || s->conf.num_queues > VIRTIO_PCI_QUEUE_MAX) {
> - error_setg(errp, "Invalid number of queues (= %" PRId32 "), "
> + if (s->conf.num_queues == 0 ||
> + s->conf.num_queues > VIRTIO_PCI_QUEUE_MAX - 2) {
> + error_setg(errp, "Invalid number of queues (= %" PRIu32 "), "
> "must be a positive integer less than %d.",
> - s->conf.num_queues, VIRTIO_PCI_QUEUE_MAX);
> + s->conf.num_queues, VIRTIO_PCI_QUEUE_MAX - 2);
> + virtio_cleanup(vdev);
> return;
> }
> s->cmd_vqs = g_malloc0(s->conf.num_queues * sizeof(VirtQueue *));
>
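
Review bot: the literal 2 in VIRTIO_PCI_QUEUE_MAX - 2 is repeated in the condition and in the error_setg() argument, and nothing in the code says what it stands for; only the commit message explains that it accounts for the ctrlq and eventq. A named constant, or a one-line comment above the check, would keep the two uses in sync and make the bound easier to audit, since this check is what limits the num_queues value used in the g_malloc0() size on the line after the block.
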
Thanks, applied.
Paolo