When VHOST_USER_PROTOCOL_F_CONFIGURE_MEM_SLOTS support was added to
libvhost-user, no guardrails were added to protect against QEMU
attempting to hot-add too many RAM slots to a VM with a libvhost-user
based backed attached.
This change adds the missing error handling by introducing a check on
the number of RAM slots the device has available before proceeding to
process the VHOST_USER_ADD_MEM_REG message.
Suggested-by: Stefan Hajnoczi <stefa...@redhat.com>
Signed-off-by: Raphael Norwitz <raphael.norw...@nutanix.com>
---
subprojects/libvhost-user/libvhost-user.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/subprojects/libvhost-user/libvhost-user.c
b/subprojects/libvhost-user/libvhost-user.c
index 77ddc96ddf..0fe3aa155b 100644
--- a/subprojects/libvhost-user/libvhost-user.c
+++ b/subprojects/libvhost-user/libvhost-user.c
@@ -690,6 +690,11 @@ vu_add_mem_reg(VuDev *dev, VhostUserMsg *vmsg) {
VuDevRegion *dev_region = &dev->regions[dev->nregions];
void *mmap_addr;
+ if (dev->nregions == VHOST_USER_MAX_RAM_SLOTS) {
+ vu_panic(dev, "No free ram slots available");
+ return false;
+ }
+
if (vmsg->fd_num != 1 ||
vmsg->size != sizeof(vmsg->payload.memreg)) {
vu_panic(dev, "VHOST_USER_REM_MEM_REG received multiple regions");
--
2.20.1
