+-- On Wed, 29 Nov 2017, Cornelia Huck wrote --+
| I think the basic problem is still that you conflate two things:
| - vring.num, which cannot be flipped between 0 and !0 by the guest
| - vring.{desc,avail,used}, which can
|
| IOW, if vring.num == 0, the guest cannot manipulate the queue; if
| vr
On Wed, 29 Nov 2017 15:41:45 +0530 (IST)
P J P wrote:
> Hello Cornelia,
>
> +-- On Tue, 28 Nov 2017, Cornelia Huck wrote --+
> | What is "unfit for use"?
>
> Unfit for use because we see checks like
>
> if (!virtio_queue_get_num(vdev, n)) {
> continue;
> ...
> if (!vdev->vq
Hello Cornelia,
+-- On Tue, 28 Nov 2017, Cornelia Huck wrote --+
| What is "unfit for use"?
Unfit for use because we see checks like
if (!virtio_queue_get_num(vdev, n)) {
continue;
...
if (!vdev->vq[n].vring.num) {
return;
'virtio_queue_set_rings' sets 'vring.desc' as
On Tue, 28 Nov 2017 16:57:34 +0530 (IST)
P J P wrote:
> +-- On Tue, 28 Nov 2017, Stefan Hajnoczi wrote --+
> | > This is conflating different things:
> | > - vq does not exist (num == 0)
> | > - vq is not setup by the guest (desc == 0)
> | > - vq has no valid alignment (which is only relevant for
+-- On Tue, 28 Nov 2017, Stefan Hajnoczi wrote --+
| > This is conflating different things:
| > - vq does not exist (num == 0)
| > - vq is not setup by the guest (desc == 0)
| > - vq has no valid alignment (which is only relevant for legacy)
|
| I agree.
Either case, vq would be unfit for use, no
On Tue, Nov 28, 2017 at 10:11:54AM +0100, Cornelia Huck wrote:
> On Mon, 27 Nov 2017 23:25:28 +0530 (IST)
> P J P wrote:
> > +-- On Mon, 27 Nov 2017, Stefan Hajnoczi wrote --+
> > | > +if (!vdev->vq[n].vring.num || !desc || !vdev->vq[n].vring.align) {
> > | ...
> > | vdev->vq[n].vring.desc =
On Mon, 27 Nov 2017 23:25:28 +0530 (IST)
P J P wrote:
> +-- On Mon, 27 Nov 2017, Cornelia Huck wrote --+
> |The check for align is not really needed, as virtio-1 disallows setting
> align
> |anyway.
>
> disallows...?
See the check in virtio_queue_set_align(). Moreover, the calculation
that b
+-- On Mon, 27 Nov 2017, Cornelia Huck wrote --+
|The check for align is not really needed, as virtio-1 disallows setting align
|anyway.
disallows...?
| Checking for !desc is wrong (why shouldn't a driver be able to unset a
| descriptor table?)
+-- On Mon, 27 Nov 2017, Stefan Hajnoczi wrote --
On Sat, Nov 25, 2017 at 12:04:45AM +0530, P J P wrote:
> @@ -1426,6 +1429,9 @@ hwaddr virtio_queue_get_addr(VirtIODevice *vdev, int n)
> void virtio_queue_set_rings(VirtIODevice *vdev, int n, hwaddr desc,
> hwaddr avail, hwaddr used)
> {
> +if (!vdev->vq[n].vring.
On Sat, 25 Nov 2017 00:04:45 +0530
P J P wrote:
> From: Prasad J Pandit
>
> An user could attempt to use an uninitialised VirtQueue object
s/An user/A guest/ ?
> or unset Vring.align leading to a arithmetic exception. Add check
> to avoid it.
>
> Reported-by: Zhangboxian
> Signed-off-by: Pr
From: Prasad J Pandit
An user could attempt to use an uninitialised VirtQueue object
or unset Vring.align leading to a arithmetic exception. Add check
to avoid it.
Reported-by: Zhangboxian
Signed-off-by: Prasad J Pandit
---
hw/virtio/virtio.c | 14 +++---
1 file changed, 11 insertions
11 matches
Mail list logo
