virtio_add_queue() aborts when queue_size > VIRTQUEUE_MAX_SIZE, so
vhost_user_blk_device_realize() should check this before calling it.
Simple reproducer:
qemu-system-x86_64 \
-chardev null,id=foo \
-device vhost-user-blk-pci,queue-size=4096,chardev=foo
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1935014
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
hw/block/vhost-user-blk.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
index 0b5b9d44cd..f5e9682703 100644
--- a/hw/block/vhost-user-blk.c
+++ b/hw/block/vhost-user-blk.c
@@ -467,6 +467,11 @@ static void vhost_user_blk_device_realize(DeviceState *dev, Error **errp)
error_setg(errp, "vhost-user-blk: queue size must be non-zero");
return;
}
+ if (s->queue_size > VIRTQUEUE_MAX_SIZE) {
+ error_setg(errp, "vhost-user-blk: queue size must not exceed %d",
+ VIRTQUEUE_MAX_SIZE);
+ return;
+ }
if (!vhost_user_init(&s->vhost_user, &s->chardev, errp)) {
return;
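Review bot: the new bound check sits before vhost_user_init(), so the early return needs no cleanup and the placement matches the existing non-zero check directly above it; that is the right spot, since the abort in virtio_add_queue() is reachable purely from a command-line value. One small suggestion on the error_setg text: report the rejected value together with the limit (pass s->queue_size as a further argument and mention it in the message) so a user who typed queue-size=4096 sees both numbers in the diagnostic.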
--
2.30.2
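The failure mode the commit message describes is a device-model call that aborts the whole QEMU process on an out-of-range value, so a configuration knob becomes a host-side crash unless realize() validates first. The following is an added, self-contained C model of that pattern, not code from QEMU or from this patch: it stands in a fake `fake_virtio_add_queue()` that aborts like the real one, a `check_queue_size()` that mirrors the two checks realize() performs (non-zero, at most VIRTQUEUE_MAX_SIZE), and a small Error type in place of QEMU's `Error`/`error_setg()`. The value 1024 for VIRTQUEUE_MAX_SIZE is QEMU's constant, but everything else here (`check_queue_size`, `realize_device`, `Error`) is a hypothetical name chosen for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for QEMU's VIRTQUEUE_MAX_SIZE (1024 in QEMU). */
#define VIRTQUEUE_MAX_SIZE 1024

/* Minimal stand-in for QEMU's Error object and error_setg(). */
typedef struct Error {
    char msg[128];
} Error;

static void set_error(Error *err, const char *text)
{
    if (err) {
        snprintf(err->msg, sizeof err->msg, "%s", text);
    }
}

/* Models virtio_add_queue(): an impossible size is a programming error
 * there, so it aborts the process instead of reporting back to the caller. */
static void fake_virtio_add_queue(uint32_t queue_size)
{
    if (queue_size == 0 || queue_size > VIRTQUEUE_MAX_SIZE) {
        abort();
    }
}

/* The validation that must run before the aborting call. Returns true when
 * queue_size is acceptable, false with err filled in otherwise. */
bool check_queue_size(uint32_t queue_size, Error *err)
{
    if (queue_size == 0) {
        set_error(err, "vhost-user-blk: queue size must be non-zero");
        return false;
    }
    if (queue_size > VIRTQUEUE_MAX_SIZE) {
        char buf[96];
        snprintf(buf, sizeof buf,
                 "vhost-user-blk: queue size %u must not exceed %d",
                 (unsigned)queue_size, VIRTQUEUE_MAX_SIZE);
        set_error(err, buf);
        return false;
    }
    return true;
}

/* Models the realize() flow: reject bad input first, only then call into
 * the code that would abort. */
bool realize_device(uint32_t queue_size, Error *err)
{
    if (!check_queue_size(queue_size, err)) {
        return false;   /* device creation fails cleanly, QEMU keeps running */
    }
    fake_virtio_add_queue(queue_size);
    return true;
}

int main(void)
{
    /* Constructed inputs: the boundary values a reviewer would exercise. */
    const uint32_t sizes[] = { 0, 1, 128, 1024, 1025, 4096 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        Error err = { { 0 } };
        bool ok = realize_device(sizes[i], &err);
        printf("queue-size=%u -> %s%s%s\n", (unsigned)sizes[i],
               ok ? "ok" : "rejected", ok ? "" : ": ", ok ? "" : err.msg);
    }
    return 0;
}
```

Run as-is, the loop shows 1, 128 and 1024 accepted and 0, 1025 and 4096 rejected with a message rather than a core dump; 1024 is the important case, since an off-by-one in the comparison (`>=` instead of `>`) would reject the largest legal queue.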
On 13.04.2021 at 18:56, Kevin Wolf wrote:
> virtio_add_queue() aborts when queue_size > VIRTQUEUE_MAX_SIZE, so
> vhost_user_blk_device_realize() should check this before calling it.
>
> Simple reproducer:
>
> qemu-system-x86_64 \
> -chardev null,id=foo \
> -device vhost-user-blk-pci,queue-size=4096,chardev=foo
>
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1935014
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>

Thanks for the review, applied to the block branch.

Kevin
On Tue, Apr 13, 2021 at 06:56:54PM +0200, Kevin Wolf wrote:
> virtio_add_queue() aborts when queue_size > VIRTQUEUE_MAX_SIZE, so
> vhost_user_blk_device_realize() should check this before calling it.
>
> Simple reproducer:
>
> qemu-system-x86_64 \
> -chardev null,id=foo \
> -device vhost-user-blk-pci,queue-size=4096,chardev=foo
>
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1935014
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> hw/block/vhost-user-blk.c | 5 +++++
> 1 file changed, 5 insertions(+)

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
On Tue, Apr 13, 2021 at 06:56:54PM +0200, Kevin Wolf wrote:
> virtio_add_queue() aborts when queue_size > VIRTQUEUE_MAX_SIZE, so
> vhost_user_blk_device_realize() should check this before calling it.
>
> Simple reproducer:
>
> qemu-system-x86_64 \
> -chardev null,id=foo \
> -device vhost-user-blk-pci,queue-size=4096,chardev=foo
>
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1935014
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> hw/block/vhost-user-blk.c | 5 +++++
> 1 file changed, 5 insertions(+)
Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
>
> diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c
> index 0b5b9d44cd..f5e9682703 100644
> --- a/hw/block/vhost-user-blk.c
> +++ b/hw/block/vhost-user-blk.c
> @@ -467,6 +467,11 @@ static void vhost_user_blk_device_realize(DeviceState *dev, Error **errp)
> error_setg(errp, "vhost-user-blk: queue size must be non-zero");
> return;
> }
> + if (s->queue_size > VIRTQUEUE_MAX_SIZE) {
> + error_setg(errp, "vhost-user-blk: queue size must not exceed %d",
> + VIRTQUEUE_MAX_SIZE);
> + return;
> + }
>
> if (!vhost_user_init(&s->vhost_user, &s->chardev, errp)) {
> return;
> --
> 2.30.2
>
On 4/13/21 6:56 PM, Kevin Wolf wrote:
> virtio_add_queue() aborts when queue_size > VIRTQUEUE_MAX_SIZE, so
> vhost_user_blk_device_realize() should check this before calling it.
>
> Simple reproducer:
>
> qemu-system-x86_64 \
> -chardev null,id=foo \
> -device vhost-user-blk-pci,queue-size=4096,chardev=foo
>
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1935014
> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
> ---
> hw/block/vhost-user-blk.c | 5 +++++
> 1 file changed, 5 insertions(+)

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>