From 925c0124d8948ca9e2b9db5e5415beff758c752d Mon Sep 17 00:00:00 2001 From: Fam Zheng Date: Tue, 4 Nov 2014 03:06:41 +0100 Subject: [PATCH 7/9] virtio-scsi: Fix num_queue input validation Message-id: <1415070401-21222-4-git-send-email-famz@redhat.com> Patchwork-id: 62062 O-Subject: [RHEL-7.1 qemu-kvm PATCH v2 3/3] virtio-scsi: Fix num_queue input validation Bugzilla: 1089606 RH-Acked-by: Markus Armbruster RH-Acked-by: Paolo Bonzini RH-Acked-by: Max Reitz We need to count the ctrlq and eventq, and also cleanup before returning. Besides, the format string should be unsigned. The number could never be less than zero. Signed-off-by: Fam Zheng Signed-off-by: Paolo Bonzini (cherry picked from commit 0ba1f53191221b541b938df86a39eeccfb87f996) Signed-off-by: Fam Zheng Signed-off-by: Miroslav Rezanina Conflicts: hw/scsi/virtio-scsi.c Straightforward resolution. --- hw/scsi/virtio-scsi.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c index 13df89d..cda8f8a 100644 --- a/hw/scsi/virtio-scsi.c +++ b/hw/scsi/virtio-scsi.c @@ -605,10 +605,11 @@ int virtio_scsi_common_init(VirtIOSCSICommon *s) virtio_init(VIRTIO_DEVICE(s), "virtio-scsi", VIRTIO_ID_SCSI, sizeof(VirtIOSCSIConfig)); - if (s->conf.num_queues <= 0 || s->conf.num_queues > VIRTIO_PCI_QUEUE_MAX) { - error_report("Invalid number of queues (= %" PRId32 "), " + if (s->conf.num_queues == 0 || + s->conf.num_queues > VIRTIO_PCI_QUEUE_MAX - 2) { + error_report("Invalid number of queues (= %" PRIu32 "), " "must be a positive integer less than %d.", - s->conf.num_queues, VIRTIO_PCI_QUEUE_MAX); + s->conf.num_queues, VIRTIO_PCI_QUEUE_MAX - 2); virtio_cleanup(vdev); return -1; } -- 1.8.3.1