virtio-pci: don't crash on illegal length

Some guests seem to access cfg with an illegal length value.
It's worth fixing them but debugging is easier if
qemu does not crash.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This commit is contained in:
Michael S. Tsirkin 2015-07-13 10:32:50 +03:00
parent 8aedc369c6
commit 2a6391232f
1 changed files with 4 additions and 2 deletions

View File

@ -546,7 +546,8 @@ static void virtio_write_config(PCIDevice *pci_dev, uint32_t address,
off = le32_to_cpu(cfg->cap.offset);
len = le32_to_cpu(cfg->cap.length);
if (len <= sizeof cfg->pci_cfg_data) {
if (len == 1 || len == 2 || len == 4) {
assert(len <= sizeof cfg->pci_cfg_data);
virtio_address_space_write(&proxy->modern_as, off,
cfg->pci_cfg_data, len);
}
@ -570,7 +571,8 @@ static uint32_t virtio_read_config(PCIDevice *pci_dev,
off = le32_to_cpu(cfg->cap.offset);
len = le32_to_cpu(cfg->cap.length);
if (len <= sizeof cfg->pci_cfg_data) {
if (len == 1 || len == 2 || len == 4) {
assert(len <= sizeof cfg->pci_cfg_data);
virtio_address_space_read(&proxy->modern_as, off,
cfg->pci_cfg_data, len);
}