Re: [PATCH 3/5] virtio-blk: add vq_rq[] bounds check in virtio_blk_dma

qemu-block

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 3/5] virtio-blk: add vq_rq[] bounds check in virtio_blk_dma_r

From:	Manos Pitsidianakis
Subject:	Re: [PATCH 3/5] virtio-blk: add vq_rq[] bounds check in virtio_blk_dma_restart_cb()
Date:	Tue, 06 Feb 2024 09:20:08 +0200
User-agent:	meli 0.8.5-rc.3

On Mon, 05 Feb 2024 19:26, Stefan Hajnoczi <stefanha@redhat.com> wrote:

Hanna Czenczek <hreitz@redhat.com> noted that the array index in
virtio_blk_dma_restart_cb() is not bounds-checked:

 g_autofree VirtIOBlockReq **vq_rq = g_new0(VirtIOBlockReq *, num_queues);
 ...
 while (rq) {
     VirtIOBlockReq *next = rq->next;
     uint16_t idx = virtio_get_queue_index(rq->vq);

     rq->next = vq_rq[idx];
                ^^^^^^^^^^

The code is correct because both rq->vq and vq_rq[] depend on
num_queues, but this is indirect and not 100% obvious. Add an assertion.


This sentence could be useful as an inline comment too.


Suggested-by: Hanna Czenczek <hreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
---
hw/block/virtio-blk.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
index a0735a9bca..f3193f4b75 100644
--- a/hw/block/virtio-blk.c
+++ b/hw/block/virtio-blk.c
@@ -1209,6 +1209,7 @@ static void virtio_blk_dma_restart_cb(void *opaque, bool 
running,
        VirtIOBlockReq *next = rq->next;
        uint16_t idx = virtio_get_queue_index(rq->vq);

+        assert(idx < num_queues);
        rq->next = vq_rq[idx];
        vq_rq[idx] = rq;
        rq = next;
--
2.43.0


Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 0/5] virtio-blk: iothread-vq-mapping cleanups, Stefan Hajnoczi, 2024/02/05
- [PATCH 1/5] virtio-blk: enforce iothread-vq-mapping validation, Stefan Hajnoczi, 2024/02/05
  - Re: [PATCH 1/5] virtio-blk: enforce iothread-vq-mapping validation, Manos Pitsidianakis, 2024/02/06
    - Re: [PATCH 1/5] virtio-blk: enforce iothread-vq-mapping validation, Stefan Hajnoczi, 2024/02/06
  - Re: [PATCH 1/5] virtio-blk: enforce iothread-vq-mapping validation, Hanna Czenczek, 2024/02/06
- [PATCH 2/5] virtio-blk: clarify that there is at least 1 virtqueue, Stefan Hajnoczi, 2024/02/05
  - Re: [PATCH 2/5] virtio-blk: clarify that there is at least 1 virtqueue, Manos Pitsidianakis, 2024/02/06
  - Re: [PATCH 2/5] virtio-blk: clarify that there is at least 1 virtqueue, Hanna Czenczek, 2024/02/06
- [PATCH 3/5] virtio-blk: add vq_rq[] bounds check in virtio_blk_dma_restart_cb(), Stefan Hajnoczi, 2024/02/05
  - Re: [PATCH 3/5] virtio-blk: add vq_rq[] bounds check in virtio_blk_dma_restart_cb(), Manos Pitsidianakis <=
  - Re: [PATCH 3/5] virtio-blk: add vq_rq[] bounds check in virtio_blk_dma_restart_cb(), Hanna Czenczek, 2024/02/06
- [PATCH 4/5] virtio-blk: declare VirtIOBlock::rq with a type, Stefan Hajnoczi, 2024/02/05
  - Re: [PATCH 4/5] virtio-blk: declare VirtIOBlock::rq with a type, Manos Pitsidianakis, 2024/02/06
  - Re: [PATCH 4/5] virtio-blk: declare VirtIOBlock::rq with a type, Hanna Czenczek, 2024/02/06
- [PATCH 5/5] monitor: use aio_co_reschedule_self(), Stefan Hajnoczi, 2024/02/05
  - Re: [PATCH 5/5] monitor: use aio_co_reschedule_self(), Manos Pitsidianakis, 2024/02/06
  - Re: [PATCH 5/5] monitor: use aio_co_reschedule_self(), Hanna Czenczek, 2024/02/06
  - Re: [PATCH 5/5] monitor: use aio_co_reschedule_self(), Markus Armbruster, 2024/02/07

Prev by Date: Re: [PATCH 4/5] virtio-blk: declare VirtIOBlock::rq with a type
Next by Date: Re: [PATCH 2/5] virtio-blk: clarify that there is at least 1 virtqueue
Previous by thread: [PATCH 3/5] virtio-blk: add vq_rq[] bounds check in virtio_blk_dma_restart_cb()
Next by thread: Re: [PATCH 3/5] virtio-blk: add vq_rq[] bounds check in virtio_blk_dma_restart_cb()
Index(es):
- Date
- Thread