[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH v3] xenfb.c: avoid expensive loops when prod <= out_
From: |
Stefano Stabellini |
Subject: |
[Qemu-devel] [PATCH v3] xenfb.c: avoid expensive loops when prod <= out_cons |
Date: |
Wed, 13 Jan 2016 14:51:08 +0000 |
User-agent: |
Alpine 2.02 (DEB 1266 2009-07-14) |
If the frontend sets out_cons to a value higher than out_prod, it will
cause xenfb_handle_events to loop about 2^32 times. Avoid that by using
better checks at the beginning of the function.
Signed-off-by: Stefano Stabellini <address@hidden>
Reported-by: Ling Liu <address@hidden>
---
Changes in v3:
- fix typo
---
diff --git a/hw/display/xenfb.c b/hw/display/xenfb.c
index 4e2a27a..594baff 100644
--- a/hw/display/xenfb.c
+++ b/hw/display/xenfb.c
@@ -789,8 +789,9 @@ static void xenfb_handle_events(struct XenFB *xenfb)
prod = page->out_prod;
out_cons = page->out_cons;
- if (prod == out_cons)
- return;
+ if (prod - out_cons >= XENFB_OUT_RING_LEN) {
+ return;
+ }
xen_rmb(); /* ensure we see ring contents up to prod */
for (cons = out_cons; cons != prod; cons++) {
union xenfb_out_event *event = &XENFB_OUT_RING_REF(page, cons);
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Qemu-devel] [PATCH v3] xenfb.c: avoid expensive loops when prod <= out_cons,
Stefano Stabellini <=