On Thu, Jan 06, 2022 at 06:47:35AM +0000, Raphael Norwitz wrote:
> When VHOST_USER_PROTOCOL_F_CONFIGURE_MEM_SLOTS support was added to
> libvhost-user, no guardrails were added to protect against QEMU
> attempting to hot-add too many RAM slots to a VM with a libvhost-user
> based backed attached.
>
> This change adds the missing error handling by introducing a check on
> the number of RAM slots the device has available before proceeding to
> process the VHOST_USER_ADD_MEM_REG message.
>
> Suggested-by: Stefan Hajnoczi <stefa...@redhat.com>
> Signed-off-by: Raphael Norwitz <raphael.norw...@nutanix.com>
> ---
> subprojects/libvhost-user/libvhost-user.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/subprojects/libvhost-user/libvhost-user.c
> b/subprojects/libvhost-user/libvhost-user.c
> index 77ddc96ddf..0fe3aa155b 100644
> --- a/subprojects/libvhost-user/libvhost-user.c
> +++ b/subprojects/libvhost-user/libvhost-user.c
> @@ -690,6 +690,11 @@ vu_add_mem_reg(VuDev *dev, VhostUserMsg *vmsg) {
> VuDevRegion *dev_region = &dev->regions[dev->nregions];
> void *mmap_addr;
>
> + if (dev->nregions == VHOST_USER_MAX_RAM_SLOTS) {
> + vu_panic(dev, "No free ram slots available");
A bit more verbose maybe? Describe what happened to trigger this?
e.g. adding a region with no free ram slots?
> + return false;
> + }
> +
> if (vmsg->fd_num != 1 ||
> vmsg->size != sizeof(vmsg->payload.memreg)) {
> vu_panic(dev, "VHOST_USER_REM_MEM_REG received multiple regions");
> --
> 2.20.1
