We leak cpu mappings when 1st s/g is not exactly the
header. As we don't set ANY_LAYOUT, we can at this point
simply assert the correct length.

This will have to be fixed once ANY_LAYOUT is set.

Signed-off-by: Michael S. Tsirkin <m...@redhat.com>
---

Untested: posting for early feedback.

 hw/block/virtio-blk.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c
index b19b102..1404b3f 100644
--- a/hw/block/virtio-blk.c
+++ b/hw/block/virtio-blk.c
@@ -381,6 +381,12 @@ void virtio_blk_handle_request(VirtIOBlockReq *req, 
MultiReqBuffer *mrb)
         exit(1);
     }
 
+    /* We don't advertize ANY_LAYOUT, so first s/g is exactly the header. */
+    if (iov[0].iov_len != sizeof(req->out)) {
+        error_report("virtio-blk request outhdr too long");
+        exit(1);
+    }
+
     iov_discard_front(&iov, &out_num, sizeof(req->out));
 
     if (in_num < 1 ||
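Review bot: The added test `if (iov[0].iov_len != sizeof(req->out))` rejects any length mismatch, yet the message says "virtio-blk request outhdr too long", so a first segment shorter than the header is reported with the wrong cause. Consider wording such as "virtio-blk request outhdr has unexpected length", ideally printing both iov[0].iov_len and sizeof(req->out), so the log identifies what the guest actually sent. The check also reads iov[0] directly; the visible context shows only the tail of the preceding error path, so please confirm that path guarantees out_num is at least 1 before this line runs. Since the commit message says this must change once ANY_LAYOUT is set, a TODO next to the comment would keep that from being forgotten, and "advertize" in the comment should read "advertise". Note that exit(1) here terminates the process on a guest-supplied descriptor layout, as the path just above it does; that is worth stating in the comment so the choice is visibly deliberate.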
-- 
MST
