From: Stefan Hajnoczi Date: Wed, 21 Sep 2016 15:52:22 +0000 (+0100) Subject: virtio: handle virtqueue_get_avail_bytes() errors X-Git-Tag: TizenStudio_2.0_p2.3.2~9^2~14^2~5^2~166^2~8 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=d65abf85e7e5fce31905eaea322ef2ea26e5f2db;p=sdk%2Femulator%2Fqemu.git virtio: handle virtqueue_get_avail_bytes() errors If the vring is invalid, tell the caller no bytes are available and mark the device broken. Signed-off-by: Stefan Hajnoczi Reviewed-by: Cornelia Huck Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin Reviewed-by: Cornelia Huck --- diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c index f2d6c3c..10c2f3d 100644 --- a/hw/virtio/virtio.c +++ b/hw/virtio/virtio.c @@ -426,14 +426,14 @@ void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int *in_bytes, if (desc.flags & VRING_DESC_F_INDIRECT) { if (desc.len % sizeof(VRingDesc)) { - error_report("Invalid size for indirect buffer table"); - exit(1); + virtio_error(vdev, "Invalid size for indirect buffer table"); + goto err; } /* If we've got too many, that implies a descriptor loop. */ if (num_bufs >= max) { - error_report("Looped descriptor"); - exit(1); + virtio_error(vdev, "Looped descriptor"); + goto err; } /* loop over the indirect descriptor table */ @@ -447,8 +447,8 @@ void virtqueue_get_avail_bytes(VirtQueue *vq, unsigned int *in_bytes, do { /* If we've got too many, that implies a descriptor loop. */ if (++num_bufs > max) { - error_report("Looped descriptor"); - exit(1); + virtio_error(vdev, "Looped descriptor"); + goto err; } if (desc.flags & VRING_DESC_F_WRITE) { @@ -473,6 +473,11 @@ done: if (out_bytes) { *out_bytes = out_total; } + return; + +err: + in_total = out_total = 0; + goto done; } int virtqueue_avail_bytes(VirtQueue *vq, unsigned int in_bytes,