From eaed483c1b3db1ac312116fca5d20c45b4b418b2 Mon Sep 17 00:00:00 2001
From: Jason Wang
Date: Thu, 23 Apr 2015 14:21:38 +0800
Subject: monitor: replace the magic number 255 with MAX_QUEUE_NUM

This patch replace the magic number 255, and increase it to MAX_QUEUE_NUM which is maximum number of queues supported by a nic.

Cc: Luiz Capitulino
Signed-off-by: Jason Wang
Reviewed-by: Michael S. Tsirkin
Signed-off-by: Michael S. Tsirkin
---
 monitor.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

(limited to 'monitor.c')

diff --git a/monitor.c b/monitor.c
index 9f37700486..9d18b7f1d5 100644
--- a/monitor.c
+++ b/monitor.c
@@ -4472,10 +4472,11 @@ void set_link_completion(ReadLineState *rs, int nb_args, const char *str)
 len = strlen(str);
 readline_set_completion_index(rs, len);
 if (nb_args == 2) {
- NetClientState *ncs[255];
+ NetClientState *ncs[MAX_QUEUE_NUM];
 int count, i;
 count = qemu_find_net_clients_except(NULL, ncs,
- NET_CLIENT_OPTIONS_KIND_NONE, 255);
+ NET_CLIENT_OPTIONS_KIND_NONE,
+ MAX_QUEUE_NUM);
 for (i = 0; i < count; i++) {
 const char *name = ncs[i]->name;
 if (!strncmp(str, name, len)) {
@@ -4491,7 +4492,7 @@ void set_link_completion(ReadLineState *rs, int nb_args, const char *str)
 void netdev_del_completion(ReadLineState *rs, int nb_args, const char *str)
 {
 int len, count, i;
- NetClientState *ncs[255];
+ NetClientState *ncs[MAX_QUEUE_NUM];
 
 if (nb_args != 2) {
 return;
@@ -4500,7 +4501,7 @@ void netdev_del_completion(ReadLineState *rs, int nb_args, const char *str)
 len = strlen(str);
 readline_set_completion_index(rs, len);
 count = qemu_find_net_clients_except(NULL, ncs, NET_CLIENT_OPTIONS_KIND_NIC,
- 255);
+ MAX_QUEUE_NUM);
 for (i = 0; i < count; i++) {
 QemuOpts *opts;
 const char *name = ncs[i]->name;
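Review bot: In set_link_completion the capacity of `ncs` is now written twice, once in the declaration and once as the last argument of qemu_find_net_clients_except(), so a later edit can change one without the other and the callee would then be told the array has more slots than it does. Deriving the argument from the array keeps the two tied: `count = qemu_find_net_clients_except(NULL, ncs, NET_CLIENT_OPTIONS_KIND_NONE, ARRAY_SIZE(ncs));`. The same applies to the calls in netdev_del_completion and in both branches of host_net_remove_completion. The hunk starts and ends inside the function body, so the rest of the loop is not visible here.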
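Review bot: The declaration `NetClientState *ncs[MAX_QUEUE_NUM];` in netdev_del_completion has no comment explaining why a per-NIC queue limit is the right capacity for this lookup. The commit message describes MAX_QUEUE_NUM as the maximum number of queues of one nic, while the call passes NULL as its first argument, which presumably does not restrict the search to a single device, so the result may still be larger than the array. A comment above the array such as `/* capacity is one NIC's queue limit; the lookup may report more clients than fit */` would record that assumption for whoever next touches the loop bound. The function body continues past the end of the hunk.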
@@ -4566,14 +4567,15 @@ void host_net_add_completion(ReadLineState *rs, int nb_args, const char *str)
 
 void host_net_remove_completion(ReadLineState *rs, int nb_args, const char *str)
 {
- NetClientState *ncs[255];
+ NetClientState *ncs[MAX_QUEUE_NUM];
 int count, i, len;
 
 len = strlen(str);
 readline_set_completion_index(rs, len);
 if (nb_args == 2) {
 count = qemu_find_net_clients_except(NULL, ncs,
- NET_CLIENT_OPTIONS_KIND_NONE, 255);
+ NET_CLIENT_OPTIONS_KIND_NONE,
+ MAX_QUEUE_NUM);
 for (i = 0; i < count; i++) {
 int id;
 char name[16];
@@ -4589,7 +4591,8 @@ void host_net_remove_completion(ReadLineState *rs, int nb_args, const char *str)
 return;
 } else if (nb_args == 3) {
 count = qemu_find_net_clients_except(NULL, ncs,
- NET_CLIENT_OPTIONS_KIND_NIC, 255);
+ NET_CLIENT_OPTIONS_KIND_NIC,
+ MAX_QUEUE_NUM);
 for (i = 0; i < count; i++) {
 int id;
 const char *name;
-- cgit v1.2.1
From bcfa4d60144fb879f0ffef0a6d174faa37b2df82 Mon Sep 17 00:00:00 2001
From: Jason Wang
Date: Thu, 23 Apr 2015 14:21:39 +0800
Subject: monitor: check return value of qemu_find_net_clients_except()

qemu_find_net_clients_except() may return a value which is greater than the size of array we provided. So we should check this value before using it, otherwise this may cause unexpected memory access. This patch fixes the net related command completion when we have a virtio-net nic with more than 255 queues.

Cc: Luiz Capitulino
Signed-off-by: Jason Wang
Reviewed-by: Michael S. Tsirkin
Signed-off-by: Michael S. Tsirkin
---
 monitor.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'monitor.c')

diff --git a/monitor.c b/monitor.c
index 9d18b7f1d5..c902412f21 100644
--- a/monitor.c
+++ b/monitor.c
@@ -4477,7 +4477,7 @@ void set_link_completion(ReadLineState *rs, int nb_args, const char *str)
 count = qemu_find_net_clients_except(NULL, ncs,
 NET_CLIENT_OPTIONS_KIND_NONE,
 MAX_QUEUE_NUM);
- for (i = 0; i < count; i++) {
+ for (i = 0; i < MIN(count, MAX_QUEUE_NUM); i++) {
 const char *name = ncs[i]->name;
 if (!strncmp(str, name, len)) {
 readline_add_completion(rs, name);
@@ -4502,7 +4502,7 @@ void netdev_del_completion(ReadLineState *rs, int nb_args, const char *str)
 readline_set_completion_index(rs, len);
 count = qemu_find_net_clients_except(NULL, ncs, NET_CLIENT_OPTIONS_KIND_NIC,
 MAX_QUEUE_NUM);
- for (i = 0; i < count; i++) {
+ for (i = 0; i < MIN(count, MAX_QUEUE_NUM); i++) {
 QemuOpts *opts;
 const char *name = ncs[i]->name;
 if (strncmp(str, name, len)) {
@@ -4576,7 +4576,7 @@ void host_net_remove_completion(ReadLineState *rs, int nb_args, const char *str)
 count = qemu_find_net_clients_except(NULL, ncs,
 NET_CLIENT_OPTIONS_KIND_NONE,
 MAX_QUEUE_NUM);
- for (i = 0; i < count; i++) {
+ for (i = 0; i < MIN(count, MAX_QUEUE_NUM); i++) {
 int id;
 char name[16];
 
@@ -4593,7 +4593,7 @@ void host_net_remove_completion(ReadLineState *rs, int nb_args, const char *str)
 count = qemu_find_net_clients_except(NULL, ncs,
 NET_CLIENT_OPTIONS_KIND_NIC,
 MAX_QUEUE_NUM);
- for (i = 0; i < count; i++) {
+ for (i = 0; i < MIN(count, MAX_QUEUE_NUM); i++) {
 int id;
 const char *name;
 
-- cgit v1.2.1
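Review bot: The clamp in set_link_completion sits in the loop condition, so `count` itself still holds the unclamped return value once the loop is done, and `MIN(count, MAX_QUEUE_NUM)` is re-evaluated on every iteration. Clamping once right after the call, `count = MIN(count, MAX_QUEUE_NUM);`, lets the loop stay `for (i = 0; i < count; i++)` and makes any later index derived from `count` safe as well. The same form applies to the loops in netdev_del_completion and in both branches of host_net_remove_completion. These loops continue past the end of their hunks, so whether `count` is read again is not visible here.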
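Review bot: The bound in netdev_del_completion is enforced at the call site only, which leaves the hazard in the callee's contract: a return value larger than the `max` that was passed in. Callers of qemu_find_net_clients_except() outside monitor.c are not visible on this page and would need the same clamp before indexing their arrays. A comment at the function's declaration stating that the return value is the number of matches and not the number of entries stored, for example `/* returns the total match count, which may exceed max; only the first max entries of ncs are valid */`, would make that requirement explicit to every caller.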