From 96647a898d62d699808316238dfb933d960413f2 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Wed, 17 Apr 2024 00:55:46 +0200
Subject: Merging upstream version 7.0.16-dfsg.
Signed-off-by: Daniel Baumann
---
 src/VBox/Devices/VirtIO/VirtioCore.cpp | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
(limited to 'src/VBox/Devices/VirtIO/VirtioCore.cpp')
diff --git a/src/VBox/Devices/VirtIO/VirtioCore.cpp b/src/VBox/Devices/VirtIO/VirtioCore.cpp
index 3849aa7c..23ecf30c 100644
--- a/src/VBox/Devices/VirtIO/VirtioCore.cpp
+++ b/src/VBox/Devices/VirtIO/VirtioCore.cpp
@@ -897,6 +897,18 @@ int virtioCoreR3VirtqAvailBufGet(PPDMDEVINS pDevIns, PVIRTIOCORE pVirtio, uint16
 }
 break;
 }
+ /* Check if the limit has been reached for input chain (see section 2.4.4.1 of virtio 1.0 spec). */
+ if (cSegsIn >= RT_ELEMENTS(pVirtqBuf->aSegsIn))
+ {
+ LogRelMax(64, ("Too many input descriptors (cSegsIn=%u).\n", cSegsIn));
+ break;
+ }
+ /* Check if the limit has been reached for output chain (see section 2.4.4.1 of virtio 1.0 spec). */
+ if (cSegsOut >= RT_ELEMENTS(pVirtqBuf->aSegsOut))
+ {
+ LogRelMax(64, ("Too many output descriptors (cSegsOut=%u).\n", cSegsOut));
+ break;
+ }
 RT_UNTRUSTED_VALIDATED_FENCE();
 virtioReadDesc(pDevIns, pVirtio, pVirtq, uDescIdx, &desc);
@@ -1936,7 +1948,7 @@ static DECLCALLBACK(VBOXSTRICTRC) virtioMmioRead(PPDMDEVINS pDevIns, void *pvUse
 {
 PVIRTIOCORE pVirtio = PDMINS_2_DATA(pDevIns, PVIRTIOCORE);
 PVIRTIOCORECC pVirtioCC = PDMINS_2_DATA_CC(pDevIns, PVIRTIOCORECC);
- AssertReturn(cb == 1 || cb == 2 || cb == 4, VERR_INVALID_PARAMETER);
+ AssertReturn(cb == 1 || cb == 2 || cb == 4, VINF_IOM_MMIO_UNUSED_FF);
 Assert(pVirtio == (PVIRTIOCORE)pvUser); RT_NOREF(pvUser);
 STAM_PROFILE_ADV_START(&pVirtio->CTX_SUFF(StatRead), a);
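Review bot: Both new limit checks sit ahead of `virtioReadDesc()`, so they run before the next descriptor's direction is known, and the chain is cut as soon as either `aSegsIn` or `aSegsOut` is full even if that descriptor would have gone into the other array. That is the conservative choice for a guest-supplied chain, but it deserves a line at the first check, e.g. `/* Checked before the descriptor is read: a full array ends the chain whatever the next descriptor's direction. */`. The loop and whatever consumes the chain after `break` are outside this hunk. If the truncated buffer is still handed on as if complete, returning a non-success status would let callers tell a cut chain from a well-formed one.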
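Review bot: The width check on `cb` keeps `AssertReturn`, which in strict builds treats a failure as a host-side programming error, while the same function reports the bad capabilities read with `ASSERT_GUEST_MSG_FAILED`. If the access width can be influenced by the guest (the caller is not visible here), the guest-assertion form would be consistent: `ASSERT_GUEST_RETURN(cb == 1 || cb == 2 || cb == 4, VINF_IOM_MMIO_UNUSED_FF);`. A short comment such as `/* Unsupported width: let IOM present the read as all-ones. */` would also explain why this path does not fill `pv` itself. The body of virtioMmioRead continues beyond the hunk.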
@@ -1994,6 +2006,7 @@ static DECLCALLBACK(VBOXSTRICTRC) virtioMmioRead(PPDMDEVINS pDevIns, void *pvUse
 ASSERT_GUEST_MSG_FAILED(("Bad read access to mapped capabilities region: off=%RGp cb=%u\n", off, cb));
 STAM_PROFILE_ADV_STOP(&pVirtio->CTX_SUFF(StatRead), a);
+ memset(pv, 0xFF, cb);
 int rc = PDMDevHlpDBGFStop(pDevIns, RT_SRC_POS, "virtioMmioRead: Bad MMIO access to capabilities, offset=%RTiop cb=%08x\n", off, cb);
 return rc;
--
cgit v1.2.3
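Review bot: The added `memset(pv, 0xFF, cb);` has no comment saying why the buffer is filled on this fallback path; something like `/* Bad capability read: return all-ones rather than whatever pv held on entry. */` would record the intent. Whether the guest ever sees the buffer depends on the status `PDMDevHlpDBGFStop()` returns, which is not visible in this hunk, so that is worth confirming and noting alongside. Separately, the two messages in this branch format the same `off` as `%RGp` and as `%RTiop`, and `cb` as `%u` and `%08x`. `off` is declared outside the hunk, so I cannot say which specifier is right, but using one per variable would rule out a mismatched varargs read. The branch itself starts above the hunk.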