On 07/27/2016 09:37 AM, P J P wrote:
> From: Prasad J Pandit <p...@fedoraproject.org>
>
> virtio back end uses set of buffers to facilitate I/O operations.
> An infinite loop unfolds in virtqueue_pop() if a buffer was
> of zero size. Add check to avoid it.
>
> Reported-by: Li Qiang <liqiang...@360.cn>
> Signed-off-by: Prasad J Pandit <p...@fedoraproject.org>
> ---
> hw/virtio/virtio.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
> index 30ede3d..8de896c 100644
> --- a/hw/virtio/virtio.c
> +++ b/hw/virtio/virtio.c
> @@ -457,6 +457,11 @@ static void virtqueue_map_desc(unsigned int *p_num_sg,
> hwaddr *addr, struct iove
> unsigned num_sg = *p_num_sg;
> assert(num_sg <= max_num_sg);
>
> + if (!sz) {
> + error_report("virtio: zero sized buffers are not allowed");
> + exit(1);
> + }This lets the guest forcefully exit qemu. Isn't it better to just make the guest error degrade the virtio device into a broken state (the guest can no longer use it, but qemu doesn't exit)? -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
