diff options
author | Jason Wang <jasowang@redhat.com> | 2015-03-20 14:07:50 +0800 |
---|---|---|
committer | Michael S. Tsirkin <mst@redhat.com> | 2015-03-25 13:39:25 +0100 |
commit | 7e0e736ecdfeac6d3517513d3a702304e4f6cf59 (patch) | |
tree | a3afabb60e43593737ee49276d8019384da7b5aa | |
parent | 7976a6d23151c780474bdac106f3cf1343a2d6ca (diff) |
virtio-net: validate backend queue numbers against bus limitation
We don't validate the backend queue numbers against bus limitation,
this will easily crash qemu if it exceeds the limitation which will
hit the abort() in virtio_del_queue(). An example is trying to
starting a virtio-net device with 256 queues. E.g:
./qemu-system-x86_64 -netdev tap,id=hn0,queues=256 -device
virtio-net-pci,netdev=hn0
Fixing this by doing the validation and fail early.
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: qemu-stable <qemu-stable@nongnu.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
-rw-r--r-- | hw/net/virtio-net.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c index 27adcc5467..59f76bcf76 100644 --- a/hw/net/virtio-net.c +++ b/hw/net/virtio-net.c @@ -1588,6 +1588,13 @@ static void virtio_net_device_realize(DeviceState *dev, Error **errp) virtio_init(vdev, "virtio-net", VIRTIO_ID_NET, n->config_size); n->max_queues = MAX(n->nic_conf.peers.queues, 1); + if (n->max_queues * 2 + 1 > VIRTIO_PCI_QUEUE_MAX) { + error_setg(errp, "Invalid number of queues (= %" PRIu32 "), " + "must be a postive integer less than %d.", + n->max_queues, (VIRTIO_PCI_QUEUE_MAX - 1) / 2); + virtio_cleanup(vdev); + return; + } n->vqs = g_malloc0(sizeof(VirtIONetQueue) * n->max_queues); n->vqs[0].rx_vq = virtio_add_queue(vdev, 256, virtio_net_handle_rx); n->curr_queues = 1; |