On 10/6/2010 7:42 AM, Stefan Hajnoczi wrote:
> On a related note, there are more uses of BUG_ON() in hw/virtio-9p.c
> which can be triggered from the guest:
>
> submit_pdu():
> BUG_ON(pdu->id >= ARRAY_SIZE(pdu_handlers));
> BUG_ON(handler == NULL);
>
> handle_9p_output():
> BUG_ON(pdu->elem.out_num == 0 || pdu->elem.in_num == 0);
> BUG_ON(pdu->elem.out_sg[0].iov_len < 7);
>

yeah.. these BUG_ONs make sense only if we "trust" the client.

> These should be handled by skipping the bad virtqueue element. We
> could also reset the device but that may freak out the (bad) guest.

Maybe log an error and skip it? Reset is not a bad idea.. if we decided to punish the client for sending something that is not acceptable. .. any comments?

- JV

>
> Stefan
>
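The "log an error and skip the element" option discussed above, sketched as an added C example; this is not QEMU code and not JV's or Stefan's patch. The four BUG_ON() conditions quoted from submit_pdu() and handle_9p_output() become a validation function that returns a reason code, so the device model can reject a malformed guest request without aborting the whole VM. The struct layouts (V9fsPDU, VirtQueueElement), the handler table contents and the function names check_pdu(), dispatch_pdu(), check_request() and dispatch_request() are simplified stand-ins assumed for this example; the 7-byte minimum is the threshold the thread's own check uses (size[4] type[1] tag[2] is the shortest 9P header).

```c
/* Added example, not QEMU's code: guest-triggerable BUG_ON() checks from
 * hw/virtio-9p.c rewritten as validation that returns an error, so the
 * caller can log and skip the bad virtqueue element instead of aborting.
 * All struct definitions here are simplified stand-ins for the real types. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/uio.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
#define MIN_9P_HDR 7   /* size[4] type[1] tag[2]: shortest well-formed 9P header */

enum { NUM_HANDLERS = 4, MAX_SG = 4 };

struct VirtQueueElement {            /* stand-in for the virtqueue element */
    unsigned int out_num, in_num;    /* guest-controlled scatter-gather counts */
    struct iovec out_sg[MAX_SG];
    struct iovec in_sg[MAX_SG];
};

struct V9fsPDU {                     /* stand-in for the 9P protocol data unit */
    uint8_t id;                      /* request type, chosen by the guest */
    struct VirtQueueElement elem;
};

typedef void (*pdu_handler_t)(struct V9fsPDU *);

static void handle_version(struct V9fsPDU *p) { (void)p; }

/* Sparse table: entries 1..3 are deliberately NULL (unimplemented requests). */
static const pdu_handler_t pdu_handlers[NUM_HANDLERS] = {
    [0] = handle_version,
};

enum pdu_check {
    PDU_OK = 0, PDU_BAD_SG = -1, PDU_SHORT_HDR = -2, PDU_BAD_ID = -3, PDU_NO_HANDLER = -4
};

/* Same conditions as the quoted BUG_ON()s, but reported instead of fatal. */
int check_pdu(const struct V9fsPDU *pdu)
{
    if (pdu->elem.out_num == 0 || pdu->elem.in_num == 0)
        return PDU_BAD_SG;
    if (pdu->elem.out_sg[0].iov_len < MIN_9P_HDR)
        return PDU_SHORT_HDR;
    if ((size_t)pdu->id >= ARRAY_SIZE(pdu_handlers))
        return PDU_BAD_ID;
    if (pdu_handlers[pdu->id] == NULL)
        return PDU_NO_HANDLER;
    return PDU_OK;
}

/* Policy from the thread: log the error and skip the element.
 * Returns 1 if the request was dispatched, 0 if it was skipped. */
int dispatch_pdu(struct V9fsPDU *pdu)
{
    int rc = check_pdu(pdu);
    if (rc != PDU_OK) {
        fprintf(stderr, "virtio-9p: malformed request (id=%u, reason=%d), skipping element\n",
                pdu->id, rc);
        return 0;
    }
    pdu_handlers[pdu->id](pdu);
    return 1;
}

/* Builds a constructed PDU from the fields the checks look at (test helper). */
static struct V9fsPDU make_pdu(uint8_t id, unsigned out_num, unsigned in_num, size_t first_len)
{
    struct V9fsPDU p = {0};
    p.id = id;
    p.elem.out_num = out_num;
    p.elem.in_num = in_num;
    p.elem.out_sg[0].iov_len = first_len;
    return p;
}

int check_request(uint8_t id, unsigned out_num, unsigned in_num, size_t first_len)
{
    struct V9fsPDU p = make_pdu(id, out_num, in_num, first_len);
    return check_pdu(&p);
}

int dispatch_request(uint8_t id, unsigned out_num, unsigned in_num, size_t first_len)
{
    struct V9fsPDU p = make_pdu(id, out_num, in_num, first_len);
    return dispatch_pdu(&p);
}

int main(void)
{
    /* Constructed requests: one well-formed, one with an empty out list. */
    printf("good request dispatched: %d\n", dispatch_request(0, 1, 1, 7));
    printf("empty out_sg dispatched: %d\n", dispatch_request(0, 0, 1, 7));
    return 0;
}
```

Whether to also reset the device, as the thread debates, is a separate policy decision layered on top of this: the check only has to make the malformed element a reportable event rather than a host-side assertion.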