diff options
author | Stefan Hajnoczi <stefanha@redhat.com> | 2016-09-21 16:52:22 +0100 |
---|---|---|
committer | Michael S. Tsirkin <mst@redhat.com> | 2016-09-23 19:03:56 +0300 |
commit | d65abf85e7e5fce31905eaea322ef2ea26e5f2db (patch) | |
tree | 228d3597cc24c38537e417ae27b90990f8aacdd3 | |
parent | ec55da192403e4a1e05f767c8762273d43ea7da4 (diff) | |
download | qemu-d65abf85e7e5fce31905eaea322ef2ea26e5f2db.zip qemu-d65abf85e7e5fce31905eaea322ef2ea26e5f2db.tar.gz qemu-d65abf85e7e5fce31905eaea322ef2ea26e5f2db.tar.bz2 |
virtio: handle virtqueue_get_avail_bytes() errors
If the vring is invalid, tell the caller no bytes are available and mark
the device broken.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Cornelia Huck <cornelia.huck@de.ibm.com>
-rw-r--r-- | hw/virtio/virtio.c | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c index f2d6c3c..10c2f3d 100644 --- a/hw/virtio/virtio.c +++ b/hw/virtio/virtio.c @@ -426,14 +426,14 @@ void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int *in_bytes, if (desc.flags & VRING_DESC_F_INDIRECT) { if (desc.len % sizeof(VRingDesc)) { - error_report("Invalid size for indirect buffer table"); - exit(1); + virtio_error(vdev, "Invalid size for indirect buffer table"); + goto err; } /* If we've got too many, that implies a descriptor loop. */ if (num_bufs >= max) { - error_report("Looped descriptor"); - exit(1); + virtio_error(vdev, "Looped descriptor"); + goto err; } /* loop over the indirect descriptor table */ @@ -447,8 +447,8 @@ void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int *in_bytes, do { /* If we've got too many, that implies a descriptor loop. */ if (++num_bufs > max) { - error_report("Looped descriptor"); - exit(1); + virtio_error(vdev, "Looped descriptor"); + goto err; } if (desc.flags & VRING_DESC_F_WRITE) { @@ -473,6 +473,11 @@ done: if (out_bytes) { *out_bytes = out_total; } + return; + +err: + in_total = out_total = 0; + goto done; } int virtqueue_avail_bytes(VirtQueue *vq, unsigned int in_bytes, |