On 07/27/2016 09:37 AM, P J P wrote: > From: Prasad J Pandit <p...@fedoraproject.org> > > virtio back end uses set of buffers to facilitate I/O operations. > An infinite loop unfolds in virtqueue_pop() if a buffer was > of zero size. Add check to avoid it. > > Reported-by: Li Qiang <liqiang...@360.cn> > Signed-off-by: Prasad J Pandit <p...@fedoraproject.org> > --- > hw/virtio/virtio.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c > index 30ede3d..8de896c 100644 > --- a/hw/virtio/virtio.c > +++ b/hw/virtio/virtio.c > @@ -457,6 +457,11 @@ static void virtqueue_map_desc(unsigned int *p_num_sg, > hwaddr *addr, struct iove > unsigned num_sg = *p_num_sg; > assert(num_sg <= max_num_sg); > > + if (!sz) { > + error_report("virtio: zero sized buffers are not allowed"); > + exit(1); > + }
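Review bot: the added `if (!sz) { error_report(...); exit(1); }` in virtqueue_map_desc() lets a guest-controlled descriptor length terminate the entire QEMU process, so the patch trades a guest-triggered infinite loop for a guest-triggered process exit; a buggy or malicious guest kernel can still take down its own VM and whatever host-side state the process holds. Prefer returning an error from virtqueue_map_desc() and having the caller stop processing the virtqueue and put the device into a broken state, so the guest loses the device while QEMU keeps running. The commit message should also say which loop in virtqueue_pop() fails to terminate on a zero-length buffer, since the hunk alone does not show that.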
This lets the guest forcefully exit qemu. Isn't it better to just make the guest error degrade the virtio device into a broken state (the guest can no longer use it, but qemu doesn't exit)?

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org