From 30860f89b8dc79b24906e8f7d6d6aa0788616bd1 Mon Sep 17 00:00:00 2001
From: Xiao Wang <jasowang@redhat.com>
Date: Thu, 18 Jan 2018 08:16:16 +0100
Subject: [PATCH 1/3] virtio-net: validate backend queue numbers against bus
limitation
RH-Author: Xiao Wang <jasowang@redhat.com>
Message-id: <1516263376-6261-1-git-send-email-jasowang@redhat.com>
Patchwork-id: 78662
O-Subject: [RHEL7.5 qemu-kvm PATCH] virtio-net: validate backend queue numbers against bus limitation
Bugzilla: 1460872
RH-Acked-by: wexu@redhat.com
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
Notes: conflict since RHEL7 lacks:
- 575a1c0e4228 ("net: move queue number into NICPeers")
- e6f746b380ad ("virtio-net: Convert to QOM realize")
We don't validate the backend queue numbers against bus limitation,
this will easily crash qemu if it exceeds the limitation which will
hit the abort() in virtio_del_queue(). An example is trying to
start a virtio-net device with 256 queues. E.g.:
./qemu-system-x86_64 -netdev tap,id=hn0,queues=256 -device
virtio-net-pci,netdev=hn0
Fixing this by doing the validation and fail early.
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: qemu-stable <qemu-stable@nongnu.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 7e0e736ecdfeac6d3517513d3a702304e4f6cf59)
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
Conflicts:
hw/net/virtio-net.c
---
hw/net/virtio-net.c | 8 ++++++++
1 file changed, 8 insertions(+)
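diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index eb2feaf..3e41acc 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -1535,6 +1535,14 @@ static int virtio_net_device_init(VirtIODevice *vdev)
 n->config_size);
 
 n->max_queues = MAX(n->nic_conf.queues, 1);
+ if (n->max_queues * 2 + 1 > VIRTIO_PCI_QUEUE_MAX) {
+ error_report("Invalid number of queues (= %" PRIu32 "), "
+ "must be a postive integer less than %d.",
+ n->max_queues, (VIRTIO_PCI_QUEUE_MAX - 1) / 2);
+ virtio_cleanup(vdev);
+ return -EINVAL;
+ }
+
 n->vqs = g_malloc0(sizeof(VirtIONetQueue) * n->max_queues);
 n->vqs[0].rx_vq = virtio_add_queue(vdev, 256, virtio_net_handle_rx);
 n->curr_queues = 1;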
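Review bot: The text passed to the added `error_report()` call states the limit incorrectly. The guard `n->max_queues * 2 + 1 > VIRTIO_PCI_QUEUE_MAX` accepts a queue count equal to `(VIRTIO_PCI_QUEUE_MAX - 1) / 2`, but the message says the value must be "less than" that number, and "postive" is misspelled. Changing the second string line to `"must be a positive integer no greater than %d.",` would make the message match the check. A one-line comment above the guard saying what the `* 2 + 1` accounts for (presumably two virtqueues per queue pair plus one more, though only the rx queue is visible here) would help the next reader. The body of `virtio_net_device_init` starts and ends outside the hunk, so it cannot be confirmed from here that `virtio_cleanup(vdev)` releases everything set up before this point.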
--
1.8.3.1