Re: [Qemu-devel] [PATCH 3/8] virtio: Add support for guest setting of queue size

2013-07-09 Thread Peter Maydell
On 8 July 2013 20:39, Anthony Liguori aligu...@us.ibm.com wrote:
 Peter Maydell peter.mayd...@linaro.org writes:
 +void virtio_queue_set_num(VirtIODevice *vdev, int n, int num)
 +{
 +vdev-vq[n].vring.num = num;
 +virtqueue_init(vdev-vq[n]);

 I think some level of checking is probably needed on num since we do a
 tremendous amount of math on it.  I doubt it's exploitable since it's
 always treated as a PA, but better to be safe than sorry.

So at the moment we do that in the transport:

+if (value = VIRTQUEUE_MAX_SIZE) {
+DPRINTF(calling virtio_queue_set_num\n);
+virtio_queue_set_num(vdev, vdev-queue_sel, value);
+}
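Review bot: in the if around the virtio_queue_set_num() call, a value that fails the VIRTQUEUE_MAX_SIZE comparison is dropped with no else branch, and the DPRINTF fires only on the accepted path. Suggest logging the rejected value too, so that a guest writing an out-of-range queue size leaves a trace on the host side.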

but I agree it would be better done here in the generic code.

-- PMM
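The bound discussed in this message, placed in a generic setter rather than in one transport, as an added example that is not code from this thread or from QEMU. The `model_*` names, the 1024 cap, the 4096 alignment and the power-of-two check (a virtio split-ring requirement the thread does not mention) are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>

#define MODEL_QUEUE_MAX 1024u  /* assumed cap, standing in for VIRTQUEUE_MAX_SIZE */
#define MODEL_ALIGN     4096u  /* assumed ring alignment */

struct model_vq {              /* hypothetical per-queue state */
    uint32_t num;              /* descriptor count set by the guest */
    uint64_t pa;               /* guest-physical base of the ring */
    uint64_t avail, used, end; /* addresses derived from pa and num */
};

/* The arithmetic that depends on num (split-ring layout). */
static void model_vq_init(struct model_vq *vq)
{
    uint64_t avail_bytes = 2ull * (3 + (uint64_t)vq->num); /* flags, idx, ring, used_event */
    vq->avail = vq->pa + 16ull * vq->num;                 /* 16-byte descriptors */
    vq->used  = (vq->avail + avail_bytes + MODEL_ALIGN - 1) & ~(uint64_t)(MODEL_ALIGN - 1);
    vq->end   = vq->used + 2ull * 3 + 8ull * vq->num;     /* flags, idx, ring, avail_event */
}

/* Returns 0 on success; -1 leaves the queue untouched. */
int model_queue_set_num(struct model_vq *vqs, unsigned nqueues, unsigned n, uint32_t num)
{
    if (n >= nqueues)                       return -1; /* queue index out of range */
    if (num == 0 || num > MODEL_QUEUE_MAX)  return -1; /* size out of range */
    if (num & (num - 1))                    return -1; /* not a power of two */
    vqs[n].num = num;
    model_vq_init(&vqs[n]);
    return 0;
}

int main(void)
{
    struct model_vq q[1] = { { .pa = 0x10000 } };          /* constructed sample */
    uint32_t tries[] = { 256, 0, 300, 2048, 0xFFFFFFFFu }; /* constructed guest writes */
    for (unsigned i = 0; i < sizeof tries / sizeof tries[0]; i++) {
        int rc = model_queue_set_num(q, 1, 0, tries[i]);
        printf("num=%u rc=%d queue.num=%u end=0x%llx\n", (unsigned)tries[i], rc,
               (unsigned)q[0].num, (unsigned long long)q[0].end);
    }
    return 0;
}
```

Taking the size as `uint32_t` means a guest write with the top bit set is rejected by the upper bound instead of arriving as a negative `int`.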



Re: [Qemu-devel] [PATCH 3/8] virtio: Add support for guest setting of queue size

2013-07-08 Thread Anthony Liguori
Peter Maydell peter.mayd...@linaro.org writes:

 The MMIO virtio transport spec allows the guest to tell the host how
 large the queue size is. Add virtio_queue_set_num() function which
 implements this in the QEMU common virtio support code.

 Signed-off-by: Peter Maydell peter.mayd...@linaro.org
 ---
  hw/virtio/virtio.c |6 ++
  include/hw/virtio/virtio.h |1 +
  2 files changed, 7 insertions(+)

 diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c
 index 8176c14..8805b8a 100644
 --- a/hw/virtio/virtio.c
 +++ b/hw/virtio/virtio.c
 @@ -667,6 +667,12 @@ hwaddr virtio_queue_get_addr(VirtIODevice *vdev, int n)
  return vdev-vq[n].pa;
  }
  
 +void virtio_queue_set_num(VirtIODevice *vdev, int n, int num)
 +{
 +vdev-vq[n].vring.num = num;
 +virtqueue_init(vdev-vq[n]);

I think some level of checking is probably needed on num since we do a
tremendous amount of math on it.  I doubt it's exploitable since it's
always treated as a PA, but better to be safe than sorry.

Regards,

Anthony Liguori

 +}
 +
  int virtio_queue_get_num(VirtIODevice *vdev, int n)
  {
  return vdev-vq[n].vring.num;
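Review bot: virtio_queue_set_num() stores num into vq[n].vring.num and calls virtqueue_init() with no range check in the function itself, and because the parameter is a signed int a zero or negative value is accepted as well. Suggest rejecting num <= 0 and num > VIRTQUEUE_MAX_SIZE here, before the assignment, so every transport gets the same bound, and checking n against the number of queues since it indexes vq[] directly.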
 diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h
 index a6c5c53..95c4772 100644
 --- a/include/hw/virtio/virtio.h
 +++ b/include/hw/virtio/virtio.h
 @@ -198,6 +198,7 @@ void virtio_config_writew(VirtIODevice *vdev, uint32_t 
 addr, uint32_t data);
  void virtio_config_writel(VirtIODevice *vdev, uint32_t addr, uint32_t data);
  void virtio_queue_set_addr(VirtIODevice *vdev, int n, hwaddr addr);
  hwaddr virtio_queue_get_addr(VirtIODevice *vdev, int n);
 +void virtio_queue_set_num(VirtIODevice *vdev, int n, int num);
  int virtio_queue_get_num(VirtIODevice *vdev, int n);
  void virtio_queue_notify(VirtIODevice *vdev, int n);
  uint16_t virtio_queue_vector(VirtIODevice *vdev, int n);
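Review bot: the new virtio_queue_set_num() prototype carries no comment on the valid range of num or on whether the caller or the callee is expected to validate it. A one-line comment above the declaration would tell transport authors whether they must bound the value before calling.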
 -- 
 1.7.9.5