On Sat, Jan 19, 2013 at 09:54:27AM +0800, akong@xxxxxxxxxx wrote: > @@ -350,6 +351,18 @@ static int virtio_net_handle_mac(VirtIONet *n, uint8_t cmd, > struct virtio_net_ctrl_mac mac_data; > size_t s; > > + if (cmd == VIRTIO_NET_CTRL_MAC_ADDR_SET) { > + if (iov_size(iov, iov_cnt) != ETH_ALEN) { > + return VIRTIO_NET_ERR; > + } > + s = iov_to_buf(iov, iov_cnt, 0, &n->mac, sizeof(n->mac)); > + if (s != sizeof(n->mac)) { > + return VIRTIO_NET_ERR; > + } Since iov_size() was checked before iov_to_buf(), we never hit this error. And if we did n->mac would be trashed (i.e. error handling is not complete). I think assert(s == sizeof(n->mac)) is more appropriate appropriate. Also, please change ETH_ALEN to sizeof(n->mac) to make the relationship between the check and the copy clear. Stefan -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html