On 8 July 2013 20:39, Anthony Liguori <aliguori@xxxxxxxxxx> wrote:
> Peter Maydell <peter.maydell@xxxxxxxxxx> writes:
>> +void virtio_queue_set_num(VirtIODevice *vdev, int n, int num)
>> +{
>> + vdev->vq[n].vring.num = num;
>> + virtqueue_init(&vdev->vq[n]);
>
> I think some level of checking is probably needed on num since we do a
> tremendous amount of math on it. I doubt it's exploitable since it's
> always treated as a PA, but better to be safe than sorry.

So at the moment we do that in the transport:

+ if (value <= VIRTQUEUE_MAX_SIZE) {
+ DPRINTF("calling virtio_queue_set_num\n");
+ virtio_queue_set_num(vdev, vdev->queue_sel, value);
+ }

but I agree it would be better done here in the generic code.

-- PMM

_______________________________________________
kvmarm mailing list
kvmarm@xxxxxxxxxxxxxxxxxxxxx
https://lists.cs.columbia.edu/cucslists/listinfo/kvmarm
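Review bot: `virtio_queue_set_num` writes `num` straight into `vdev->vq[n].vring.num` and then calls `virtqueue_init` with no range check on either `n` or `num`, so the generic layer currently relies entirely on every transport filtering the value first. Since the thread agrees the check belongs here, suggest rejecting bad sizes before the assignment, e.g. `if (num <= 0 || num > VIRTQUEUE_MAX_SIZE) return;`, so `virtqueue_init` never runs on an out-of-range ring size.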
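Review bot: the transport check `if (value <= VIRTQUEUE_MAX_SIZE)` has no lower bound, so `value == 0` passes and reaches `virtio_queue_set_num` and `virtqueue_init` as a zero-sized ring; until the check moves into the generic code, a `value != 0` condition is needed alongside the upper bound. The implicit else path also has no `DPRINTF`, so a rejected guest write leaves no trace in the debug output; suggest logging the rejected value next to the existing `DPRINTF("calling virtio_queue_set_num\n")`.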
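The validation the thread says should live in the generic code, written out as an added example; this is not QEMU's code, it only mirrors the names in the quoted patch. The struct layout, the `VIRTIO_QUEUE_MAX` queue count and the `VIRTQUEUE_MAX_SIZE` value of 1024 are assumptions, `virtqueue_init` is a stand-in, and the power-of-two requirement comes from the virtio ring layout rather than from the thread.

```c
/* Added example, not QEMU's code: a bounds-checked virtio_queue_set_num()
 * that rejects a bad ring size before any ring math runs on it.
 * Struct shapes and limits below are assumptions for this example. */
#include <stdbool.h>
#include <stdio.h>

#define VIRTQUEUE_MAX_SIZE 1024   /* assumption: largest ring the device layer allows */
#define VIRTIO_QUEUE_MAX   8      /* assumption: queues per device in this model */

typedef struct VRing { unsigned int num; } VRing;
typedef struct VirtQueue { VRing vring; bool initialised; } VirtQueue;
typedef struct VirtIODevice { VirtQueue vq[VIRTIO_QUEUE_MAX]; } VirtIODevice;

/* Stand-in for virtqueue_init(): the real one derives ring addresses and
 * sizes from vring.num, which is why num must be sane before it is called. */
static void virtqueue_init(VirtQueue *vq)
{
    vq->initialised = true;
}

/* A ring size is usable only if it is positive, within the device limit,
 * and a power of two (the virtio ring layout requires that). Keeping the
 * parameter as int, like the quoted patch, means a negative guest value
 * must be rejected explicitly rather than wrapping on conversion. */
bool virtio_queue_num_valid(int num)
{
    if (num <= 0 || num > VIRTQUEUE_MAX_SIZE) {
        return false;
    }
    return (num & (num - 1)) == 0;
}

/* Returns 0 on success, -1 if the queue index or size is rejected.
 * On rejection nothing in the device is modified. */
int virtio_queue_set_num(VirtIODevice *vdev, int n, int num)
{
    if (n < 0 || n >= VIRTIO_QUEUE_MAX) {
        return -1;
    }
    if (!virtio_queue_num_valid(num)) {
        fprintf(stderr, "virtio: rejected queue %d size %d\n", n, num);
        return -1;
    }
    vdev->vq[n].vring.num = (unsigned int)num;
    virtqueue_init(&vdev->vq[n]);
    return 0;
}

/* Apply a size to a freshly zeroed device. Returns the stored vring.num,
 * or -1 if the write was rejected (device left all-zero). */
int try_set_num(int n, int num)
{
    VirtIODevice dev = {0};
    if (virtio_queue_set_num(&dev, n, num) != 0) {
        return -1;
    }
    return (int)dev.vq[n].vring.num;
}

int main(void)
{
    /* Constructed guest writes: one valid, then zero, negative, too large,
     * not a power of two, and an out-of-range queue index. */
    int sizes[] = { 256, 0, -1, 2048, 300 };
    for (unsigned i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        printf("queue 0 size %5d -> %d\n", sizes[i], try_set_num(0, sizes[i]));
    }
    printf("queue %d size 256 -> %d\n", VIRTIO_QUEUE_MAX, try_set_num(VIRTIO_QUEUE_MAX, 256));
    return 0;
}
```

The point of doing the check in `virtio_queue_set_num` rather than in each transport is that `virtqueue_init` and everything downstream can then assume `vring.num` is always a usable size, regardless of which transport (MMIO, PCI) delivered the guest write.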