Diffstat (limited to 'src/VBox/Devices/VirtIO/VirtioCore.cpp')
-rw-r--r--src/VBox/Devices/VirtIO/VirtioCore.cpp15
1 files changed, 14 insertions, 1 deletions
diff --git a/src/VBox/Devices/VirtIO/VirtioCore.cpp b/src/VBox/Devices/VirtIO/VirtioCore.cpp
index 3849aa7c..23ecf30c 100644
--- a/src/VBox/Devices/VirtIO/VirtioCore.cpp
+++ b/src/VBox/Devices/VirtIO/VirtioCore.cpp
@@ -897,6 +897,18 @@ int virtioCoreR3VirtqAvailBufGet(PPDMDEVINS pDevIns, PVIRTIOCORE pVirtio, uint16
}
break;
}
+ /* Check if the limit has been reached for input chain (see section 2.4.4.1 of virtio 1.0 spec). */
+ if (cSegsIn >= RT_ELEMENTS(pVirtqBuf->aSegsIn))
+ {
+ LogRelMax(64, ("Too many input descriptors (cSegsIn=%u).\n", cSegsIn));
+ break;
+ }
+ /* Check if the limit has been reached for output chain (see section 2.4.4.1 of virtio 1.0 spec). */
+ if (cSegsOut >= RT_ELEMENTS(pVirtqBuf->aSegsOut))
+ {
+ LogRelMax(64, ("Too many output descriptors (cSegsOut=%u).\n", cSegsOut));
+ break;
+ }
RT_UNTRUSTED_VALIDATED_FENCE();
virtioReadDesc(pDevIns, pVirtio, pVirtq, uDescIdx, &desc);
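Review bot: Both limit checks run before `virtioReadDesc()` has fetched the next descriptor, so the walk stops as soon as either `aSegsIn` or `aSegsOut` is full, even when the next descriptor would have gone into the other array. If this is meant as a conservative bound on guest-supplied chains, the comment should say so, e.g. `/* Checked before the direction is known: a full array ends the chain even if the next descriptor belongs to the other one. */`. What follows the `break` is not visible in this hunk, so it is worth confirming that the code after the loop reports the truncated chain as an error rather than handing a partial buffer to the device. The enclosing function starts and ends outside the hunk.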
@@ -1936,7 +1948,7 @@ static DECLCALLBACK(VBOXSTRICTRC) virtioMmioRead(PPDMDEVINS pDevIns, void *pvUse
{
PVIRTIOCORE pVirtio = PDMINS_2_DATA(pDevIns, PVIRTIOCORE);
PVIRTIOCORECC pVirtioCC = PDMINS_2_DATA_CC(pDevIns, PVIRTIOCORECC);
- AssertReturn(cb == 1 || cb == 2 || cb == 4, VERR_INVALID_PARAMETER);
+ AssertReturn(cb == 1 || cb == 2 || cb == 4, VINF_IOM_MMIO_UNUSED_FF);
Assert(pVirtio == (PVIRTIOCORE)pvUser); RT_NOREF(pvUser);
STAM_PROFILE_ADV_START(&pVirtio->CTX_SUFF(StatRead), a);
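Review bot: The size check still uses the host-side `AssertReturn`, although `cb` appears to be determined by the guest's MMIO access and the same function reports bad guest accesses with `ASSERT_GUEST_MSG_FAILED` further down. `ASSERT_GUEST_RETURN(cb == 1 || cb == 2 || cb == 4, VINF_IOM_MMIO_UNUSED_FF);` would mark the condition as guest-triggerable instead of reading as a host invariant. A one-line comment such as `/* Unsupported access sizes read as all ones. */` would also explain the choice of status code. The body of virtioMmioRead continues outside the hunk.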
@@ -1994,6 +2006,7 @@ static DECLCALLBACK(VBOXSTRICTRC) virtioMmioRead(PPDMDEVINS pDevIns, void *pvUse
ASSERT_GUEST_MSG_FAILED(("Bad read access to mapped capabilities region: off=%RGp cb=%u\n", off, cb));
STAM_PROFILE_ADV_STOP(&pVirtio->CTX_SUFF(StatRead), a);
+ memset(pv, 0xFF, cb);
int rc = PDMDevHlpDBGFStop(pDevIns, RT_SRC_POS,
"virtioMmioRead: Bad MMIO access to capabilities, offset=%RTiop cb=%08x\n", off, cb);
return rc;
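Review bot: The added `memset(pv, 0xFF, cb);` carries no comment saying why the buffer is filled, and the reason is security-relevant: presumably it keeps a rejected read from returning whatever the buffer held before. I would add `/* Never return stale buffer contents to the guest on a rejected access. */` above it. This path still returns the status of `PDMDevHlpDBGFStop()`, whereas the size check at the top of the function now returns `VINF_IOM_MMIO_UNUSED_FF`. Whether the filled buffer is actually forwarded to the guest for every status this call can return is not visible here and should be confirmed.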