[Qemu-devel] [PATCH 5/5] virtio-serial: Error out if guest sends unexpec

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PATCH 5/5] virtio-serial: Error out if guest sends unexpec

From:	Amit Shah
Subject:	[Qemu-devel] [PATCH 5/5] virtio-serial: Error out if guest sends unexpected vq elements
Date:	Fri, 10 Dec 2010 18:55:18 +0530

Check if the guest really sent any items in the out_vq before using
them.  Similarly, check if there is a buffer to send data in before
writing.

Signed-off-by: Amit Shah <address@hidden>
---
 hw/virtio-serial-bus.c |   19 +++++++++++++++++++
 1 files changed, 19 insertions(+), 0 deletions(-)

diff --git a/hw/virtio-serial-bus.c b/hw/virtio-serial-bus.c
index 3bbd915..3a3032f 100644
--- a/hw/virtio-serial-bus.c
+++ b/hw/virtio-serial-bus.c
@@ -102,6 +102,11 @@ static size_t write_to_port(VirtIOSerialPort *port,
             break;
         }
 
+        if (elem.in_num < 1) {
+            error_report("No buffer to send data in?");
+            abort();
+        }
+
         len = iov_from_buf(elem.in_sg, elem.in_num,
                            buf + offset, size - offset);
         offset += len;
@@ -127,6 +132,11 @@ static void do_flush_queued_data(VirtIOSerialPort *port, 
VirtQueue *vq,
     while (virtqueue_pop(vq, &elem)) {
         unsigned int i;
 
+        if (elem.out_num < 1) {
+            error_report("No data sent by guest?");
+            abort();
+        }
+
         if (discard) {
             goto next;
         }
@@ -169,6 +179,11 @@ static size_t send_control_msg(VirtIOSerialPort *port, 
void *buf, size_t len)
         return 0;
     }
 
+    if (elem.in_num < 1) {
+        error_report("No buffer to send control data in?");
+        abort();
+    }
+
     cpkt = (struct virtio_console_control *)buf;
     stl_p(&cpkt->id, port->id);
     memcpy(elem.in_sg[0].iov_base, buf, len);
@@ -386,6 +401,10 @@ static void control_out(VirtIODevice *vdev, VirtQueue *vq)
     while (virtqueue_pop(vq, &elem)) {
         size_t cur_len, copied;
 
+        if (elem.out_num < 1) {
+            error_report("No data sent in control packet");
+            abort();
+        }
         cur_len = iov_size(elem.out_sg, elem.out_num);
         /*
          * Allocate a new buf only if we didn't have one previously or
-- 
1.7.3.2

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH 0/5] virtio-serial: Trivial fixes, don't copy buffers to host, Amit Shah, 2010/12/10
- [Qemu-devel] [PATCH 1/5] virtio-console: Factor out common init between console and generic ports, Amit Shah, 2010/12/10
- [Qemu-devel] [PATCH 2/5] virtio-console: Remove unnecessary braces, Amit Shah, 2010/12/10
- [Qemu-devel] [PATCH 3/5] virtio-serial: Simplify condition for a while loop, Amit Shah, 2010/12/10
- [Qemu-devel] [PATCH 4/5] virtio-serial: Don't copy over guest buffer to host, Amit Shah, 2010/12/10
  - [Qemu-devel] Re: [PATCH 4/5] virtio-serial: Don't copy over guest buffer to host, Paul Brook, 2010/12/10
    - [Qemu-devel] Re: [PATCH 4/5] virtio-serial: Don't copy over guest buffer to host, Amit Shah, 2010/12/10
    - [Qemu-devel] Re: [PATCH 4/5] virtio-serial: Don't copy over guest buffer to host, Paul Brook, 2010/12/10
    - [Qemu-devel] Re: [PATCH 4/5] virtio-serial: Don't copy over guest buffer to host, Amit Shah, 2010/12/10
- [Qemu-devel] [PATCH 5/5] virtio-serial: Error out if guest sends unexpected vq elements, Amit Shah <=
  - [Qemu-devel] Re: [PATCH 5/5] virtio-serial: Error out if guest sends unexpected vq elements, Paul Brook, 2010/12/10
    - [Qemu-devel] Re: [PATCH 5/5] virtio-serial: Error out if guest sends unexpected vq elements, Amit Shah, 2010/12/10
    - [Qemu-devel] Re: [PATCH 5/5] virtio-serial: Error out if guest sends unexpected vq elements, Paul Brook, 2010/12/10
    - [Qemu-devel] Re: [PATCH 5/5] virtio-serial: Error out if guest sends unexpected vq elements, Amit Shah, 2010/12/10

Prev by Date: [Qemu-devel] [PATCH 4/5] virtio-serial: Don't copy over guest buffer to host
Next by Date: Re: [Qemu-devel] [PATCH 1/5] block: add discard support
Previous by thread: [Qemu-devel] Re: [PATCH 4/5] virtio-serial: Don't copy over guest buffer to host
Next by thread: [Qemu-devel] Re: [PATCH 5/5] virtio-serial: Error out if guest sends unexpected vq elements
Index(es):
- Date
- Thread