From: Fam Zheng Date: Fri, 31 Oct 2014 03:04:31 +0000 (+0800) Subject: virtio-scsi: Fix num_queue input validation X-Git-Tag: Tizen_Studio_1.3_Release_p2.3.2~209^2~494^2~12 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=0ba1f53191221b541b938df86a39eeccfb87f996;p=sdk%2Femulator%2Fqemu.git virtio-scsi: Fix num_queue input validation We need to count the ctrlq and eventq, and also cleanup before returning. Besides, the format string should be unsigned. The number could never be less than zero. Signed-off-by: Fam Zheng Signed-off-by: Paolo Bonzini
---
diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
index 235c2053da..fdcacfd79a 100644
--- a/hw/scsi/virtio-scsi.c
+++ b/hw/scsi/virtio-scsi.c
@@ -804,10 +804,11 @@ void virtio_scsi_common_realize(DeviceState *dev, Error **errp,
 virtio_init(vdev, "virtio-scsi", VIRTIO_ID_SCSI, sizeof(VirtIOSCSIConfig));
- if (s->conf.num_queues <= 0 || s->conf.num_queues > VIRTIO_PCI_QUEUE_MAX) {
- error_setg(errp, "Invalid number of queues (= %" PRId32 "), "
+ if (s->conf.num_queues == 0 ||
+ s->conf.num_queues > VIRTIO_PCI_QUEUE_MAX - 2) {
+ error_setg(errp, "Invalid number of queues (= %" PRIu32 "), "
 "must be a positive integer less than %d.",
- s->conf.num_queues, VIRTIO_PCI_QUEUE_MAX);
+ s->conf.num_queues, VIRTIO_PCI_QUEUE_MAX - 2);
 virtio_cleanup(vdev);
 return;
 }
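Review bot: The message passed to `error_setg` still says the value must be "less than" the printed limit, but the new condition rejects only `s->conf.num_queues > VIRTIO_PCI_QUEUE_MAX - 2`, so a value equal to the printed number is accepted. The text should match the enforced bound, for example `"must be a positive integer no greater than %d.",`. The literal `- 2` now appears in both the check and the message argument and is explained only in the commit description; a comment above the `if` such as `/* ctrlq and eventq take two of the VIRTIO_PCI_QUEUE_MAX slots */` would keep the two in step if the number of fixed queues changes. This check is what limits a user-supplied queue count, so the reported limit should be exact. The body of `virtio_scsi_common_realize` starts and ends outside the hunk.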