Re: [PATCH 3/5] virtio-blk: add vq_rq[] bounds check in virtio_blk_dma

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 3/5] virtio-blk: add vq_rq[] bounds check in virtio_blk_dma_r

From:	Hanna Czenczek
Subject:	Re: [PATCH 3/5] virtio-blk: add vq_rq[] bounds check in virtio_blk_dma_restart_cb()
Date:	Tue, 6 Feb 2024 16:09:29 +0100
User-agent:	Mozilla Thunderbird

On 05.02.24 18:26, Stefan Hajnoczi wrote:

Hanna Czenczek <hreitz@redhat.com> noted that the array index in
virtio_blk_dma_restart_cb() is not bounds-checked:

   g_autofree VirtIOBlockReq **vq_rq = g_new0(VirtIOBlockReq *, num_queues);
   ...
   while (rq) {
       VirtIOBlockReq *next = rq->next;
       uint16_t idx = virtio_get_queue_index(rq->vq);

       rq->next = vq_rq[idx];
                  ^^^^^^^^^^

The code is correct because both rq->vq and vq_rq[] depend on
num_queues, but this is indirect and not 100% obvious. Add an assertion.

Suggested-by: Hanna Czenczek <hreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
  hw/block/virtio-blk.c | 1 +
  1 file changed, 1 insertion(+)


Reviewed-by: Hanna Czenczek <hreitz@redhat.com>

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 0/5] virtio-blk: iothread-vq-mapping cleanups, Stefan Hajnoczi, 2024/02/05
- [PATCH 1/5] virtio-blk: enforce iothread-vq-mapping validation, Stefan Hajnoczi, 2024/02/05
  - Re: [PATCH 1/5] virtio-blk: enforce iothread-vq-mapping validation, Manos Pitsidianakis, 2024/02/06
    - Re: [PATCH 1/5] virtio-blk: enforce iothread-vq-mapping validation, Stefan Hajnoczi, 2024/02/06
  - Re: [PATCH 1/5] virtio-blk: enforce iothread-vq-mapping validation, Hanna Czenczek, 2024/02/06
- [PATCH 2/5] virtio-blk: clarify that there is at least 1 virtqueue, Stefan Hajnoczi, 2024/02/05
  - Re: [PATCH 2/5] virtio-blk: clarify that there is at least 1 virtqueue, Manos Pitsidianakis, 2024/02/06
  - Re: [PATCH 2/5] virtio-blk: clarify that there is at least 1 virtqueue, Hanna Czenczek, 2024/02/06
- [PATCH 3/5] virtio-blk: add vq_rq[] bounds check in virtio_blk_dma_restart_cb(), Stefan Hajnoczi, 2024/02/05
  - Re: [PATCH 3/5] virtio-blk: add vq_rq[] bounds check in virtio_blk_dma_restart_cb(), Manos Pitsidianakis, 2024/02/06
  - Re: [PATCH 3/5] virtio-blk: add vq_rq[] bounds check in virtio_blk_dma_restart_cb(), Hanna Czenczek <=
- [PATCH 4/5] virtio-blk: declare VirtIOBlock::rq with a type, Stefan Hajnoczi, 2024/02/05
  - Re: [PATCH 4/5] virtio-blk: declare VirtIOBlock::rq with a type, Manos Pitsidianakis, 2024/02/06
  - Re: [PATCH 4/5] virtio-blk: declare VirtIOBlock::rq with a type, Hanna Czenczek, 2024/02/06
- [PATCH 5/5] monitor: use aio_co_reschedule_self(), Stefan Hajnoczi, 2024/02/05
  - Re: [PATCH 5/5] monitor: use aio_co_reschedule_self(), Manos Pitsidianakis, 2024/02/06
  - Re: [PATCH 5/5] monitor: use aio_co_reschedule_self(), Hanna Czenczek, 2024/02/06
  - Re: [PATCH 5/5] monitor: use aio_co_reschedule_self(), Markus Armbruster, 2024/02/07

Prev by Date: Re: [PATCH 2/5] virtio-blk: clarify that there is at least 1 virtqueue
Next by Date: Re: [PATCH 4/5] virtio-blk: declare VirtIOBlock::rq with a type
Previous by thread: Re: [PATCH 3/5] virtio-blk: add vq_rq[] bounds check in virtio_blk_dma_restart_cb()
Next by thread: [PATCH 4/5] virtio-blk: declare VirtIOBlock::rq with a type
Index(es):
- Date
- Thread