Re: [Qemu-devel] [PATCH] virtio: abort on zero config length

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] virtio: abort on zero config length

From:	Anthony Liguori
Subject:	Re: [Qemu-devel] [PATCH] virtio: abort on zero config length
Date:	Thu, 25 Apr 2013 15:20:20 -0500
User-agent:	Notmuch/0.15.2+77~g661dcf8 (http://notmuchmail.org) Emacs/23.3.1 (x86_64-pc-linux-gnu)

Jason Wang <address@hidden> writes:

> In fact we don't support zero length config length for virtio device.

virtio-rng?

> And it can lead outbound memory access. So abort on zero config length
> to catch the bug earlier.

Not sure what you mean, but virtio-rng has a zero length config space.

Regards,

Anthony Liguori

>
> Signed-off-by: Jason Wang <address@hidden>
> ---
>  hw/virtio/virtio.c |    7 ++-----
>  1 files changed, 2 insertions(+), 5 deletions(-)
>
> diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
> index 1c2282c..a6fa667 100644
> --- a/hw/virtio/virtio.c
> +++ b/hw/virtio/virtio.c
> @@ -923,6 +923,7 @@ void virtio_init(VirtIODevice *vdev, const char *name,
>                   uint16_t device_id, size_t config_size)
>  {
>      int i;
> +    assert(config_size);
>      vdev->device_id = device_id;
>      vdev->status = 0;
>      vdev->isr = 0;
> @@ -938,11 +939,7 @@ void virtio_init(VirtIODevice *vdev, const char *name,
>  
>      vdev->name = name;
>      vdev->config_len = config_size;
> -    if (vdev->config_len) {
> -        vdev->config = g_malloc0(config_size);
> -    } else {
> -        vdev->config = NULL;
> -    }
> +    vdev->config = g_malloc0(config_size);
>      vdev->vmstate = qemu_add_vm_change_state_handler(virtio_vmstate_change,
>                                                       vdev);
>  }
> -- 
> 1.7.1

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH] virtio: abort on zero config length, Jason Wang, 2013/04/25
- Re: [Qemu-devel] [PATCH] virtio: abort on zero config length, Michael S. Tsirkin, 2013/04/25
- Re: [Qemu-devel] [PATCH] virtio: abort on zero config length, Anthony Liguori <=
  - Re: [Qemu-devel] [PATCH] virtio: abort on zero config length, Michael S. Tsirkin, 2013/04/25
    - Re: [Qemu-devel] [PATCH] virtio: abort on zero config length, Anthony Liguori, 2013/04/25
    - Re: [Qemu-devel] [PATCH] virtio: abort on zero config length, Jason Wang, 2013/04/26
    - Re: [Qemu-devel] [PATCH] virtio: abort on zero config length, Eric Blake, 2013/04/26
    - Re: [Qemu-devel] [PATCH] virtio: abort on zero config length, Jason Wang, 2013/04/26
    - Re: [Qemu-devel] [PATCH] virtio: abort on zero config length, Michael S. Tsirkin, 2013/04/26
    - Re: [Qemu-devel] [PATCH] virtio: abort on zero config length, Anthony Liguori, 2013/04/26
    - Re: [Qemu-devel] [PATCH] virtio: abort on zero config length, Laszlo Ersek, 2013/04/26

Prev by Date: Re: [Qemu-devel] [PATCH v6 10/11] rdma: core logic
Next by Date: Re: [Qemu-devel] [PATCH 04/15] target-i386: introduce apic-id property
Previous by thread: Re: [Qemu-devel] [PATCH] virtio: abort on zero config length
Next by thread: Re: [Qemu-devel] [PATCH] virtio: abort on zero config length
Index(es):
- Date
- Thread