On Wed, Mar 16, 2011 at 05:29:48PM -0500, Anthony Liguori wrote:
> On 03/15/2011 11:56 PM, David Gibson wrote:
[snip]
> >+ lbuf = qemu_mallocz(total_len);
> >+ p = lbuf;
> >+ for (i = 0; i< nbufs; i++) {
> >+ ret = spapr_tce_dma_read(sdev, VLAN_BD_ADDR(bufs[i]),
> >+ p, VLAN_BD_LEN(bufs[i]));
> >+ if (ret< 0) {
> >+ goto out;
> >+ }
> >+
> >+ p += VLAN_BD_LEN(bufs[i]);
> >+ }
>
> I don't like the idea that there's a guest driven allocation that
> can reach 100mb here. I'd suggest that we at least limit total_len
> to 64k to be on the safe side since a packet can't be larger than
> that anyway.
Ah, a very good point. Done.
--
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson
