On Tue, 20 Sep 2016 11:26:57 +0200
Greg Kurz <gr...@kaod.org> wrote:

> Stefan's series still applies on the current head, except the virtio_config.h
> patch which isn't needed anymore.

I went through the patches, series generally looks good to me.

> 
> And indeed there are a bunch of places where QEMU exits:

Most of which should be converted to virtio_error(), except...

> 
> [greg@bahia qemu-virtio]$ git grep 'exit(1)' hw/virtio hw/*/virtio*
> hw/block/virtio-blk.c:        exit(1);
> hw/block/virtio-blk.c:        exit(1);
> hw/block/virtio-blk.c:        exit(1);
> hw/net/virtio-net.c:            exit(1);
> hw/net/virtio-net.c:            exit(1);
> hw/net/virtio-net.c:            exit(1);
> hw/net/virtio-net.c:            exit(1);
> hw/net/virtio-net.c:                exit(1);
> hw/scsi/virtio-scsi-dataplane.c:        exit(1);

...this one, which tests for a host misconfiguration, and...

> hw/scsi/virtio-scsi.c:    exit(1);
> hw/scsi/virtio-scsi.c:        exit(1);

...this one, which is a migration stream problem.

> hw/scsi/virtio-scsi.c:        exit(1);
> hw/virtio/virtio.c:        exit(1);
> hw/virtio/virtio.c:            exit(1);
> hw/virtio/virtio.c:            exit(1);
> hw/virtio/virtio.c:        exit(1);
> 
> And also even more places with assert() or BUG_ON(), some of which are
> guest errors actually.

Yes. Let's tackle them piece-by-piece.

> 
> For example, in virtio-9p, we have:
> 
> static void handle_9p_output(VirtIODevice *vdev, VirtQueue *vq)
> {
> ...
>         len = iov_to_buf(elem->out_sg, elem->out_num, 0,
>                           &out, sizeof out);
>         BUG_ON(len != sizeof out);
> ...
> }
> 
> The condition may only be true if the guest sent less than the expected
> 9P message header, which is 7 bytes long.
> 
> I have a patch for this based on Stefan's series BTW.

Cool.
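
An added example, not part of this thread and not QEMU code: the guest-error handling discussed above, applied to the 7-byte 9P header (size[4] type[1] tag[2]). A short header marks the device broken and returns an error instead of aborting the process. `toy_dev`, `sg_to_buf`, `parse_9p_header` and `demo` are hypothetical stand-ins, and the header bytes are constructed sample data.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/uio.h>

struct toy_dev { bool broken; };   /* hypothetical stand-in for the virtio device */
struct p9_hdr { uint32_t size; uint8_t type; uint16_t tag; };
static struct { struct toy_dev dev; struct p9_hdr hdr; } demo_state;

/* Copy up to len bytes out of a scatter-gather list; return bytes copied. */
static size_t sg_to_buf(const struct iovec *sg, unsigned n, uint8_t *buf, size_t len)
{
    size_t done = 0;
    for (unsigned i = 0; i < n && done < len; i++) {
        size_t chunk = sg[i].iov_len < len - done ? sg[i].iov_len : len - done;
        memcpy(buf + done, sg[i].iov_base, chunk);
        done += chunk;
    }
    return done;
}

/* Guest-controlled input: a short header marks the device broken, never aborts. */
static int parse_9p_header(struct toy_dev *dev, const struct iovec *sg,
                           unsigned n, struct p9_hdr *out)
{
    uint8_t raw[7];                /* size[4] type[1] tag[2], little-endian */
    if (dev->broken || sg_to_buf(sg, n, raw, sizeof raw) != sizeof raw) {
        dev->broken = true;        /* later requests are refused as well */
        return -1;
    }
    out->size = raw[0] | raw[1] << 8 | raw[2] << 16 | (uint32_t)raw[3] << 24;
    out->type = raw[4];
    out->tag = (uint16_t)(raw[5] | raw[6] << 8);
    return 0;
}

/* Constructed sample: first nbytes (>= 3) of a header, split over two segments. */
static int demo(size_t nbytes)
{
    uint8_t msg[] = { 0x13, 0, 0, 0, 100, 0xff, 0xff };
    struct iovec sg[2] = { { msg, 3 }, { msg + 3, nbytes - 3 } };
    return parse_9p_header(&demo_state.dev, sg, 2, &demo_state.hdr);
}

int main(void)
{
    int full = demo(7), truncated = demo(5), after = demo(7);
    printf("full=%d truncated=%d after=%d\n", full, truncated, after);
}
```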

