Greg Kurz <gr...@kaod.org> writes:
> Calling assert() really makes sense when hitting a genuine bug, which calls
> for a fix in QEMU. However, when something goes wrong because the guest
> sends a malformed message, it is better to write down a more meaningul
> error message and exit.
>
> Signed-off-by: Greg Kurz <gr...@kaod.org>
> ---
> hw/9pfs/virtio-9p-device.c | 20 ++++++++++++++++++--
> 1 file changed, 18 insertions(+), 2 deletions(-)
>
> diff --git a/hw/9pfs/virtio-9p-device.c b/hw/9pfs/virtio-9p-device.c
> index 009b43f6d045..67059182645a 100644
> --- a/hw/9pfs/virtio-9p-device.c
> +++ b/hw/9pfs/virtio-9p-device.c
> @@ -19,6 +19,7 @@
> #include "coth.h"
> #include "hw/virtio/virtio-access.h"
> #include "qemu/iov.h"
> +#include "qemu/error-report.h"
>
> void virtio_9p_push_and_notify(V9fsPDU *pdu)
> {
> @@ -35,6 +36,11 @@ void virtio_9p_push_and_notify(V9fsPDU *pdu)
> virtio_notify(VIRTIO_DEVICE(v), v->vq);
> }
>
> +static void virtio_9p_error(const char *msg)
> +{
> + error_report("The virtio-9p driver in the guest has an issue: %s", msg);
> +}
> +
> static void handle_9p_output(VirtIODevice *vdev, VirtQueue *vq)
> {
> V9fsVirtioState *v = (V9fsVirtioState *)vdev;
> @@ -56,13 +62,23 @@ static void handle_9p_output(VirtIODevice *vdev,
> VirtQueue *vq)
> break;
> }
>
> - BUG_ON(elem->out_num == 0 || elem->in_num == 0);
> + if (elem->out_num == 0) {
> + virtio_9p_error("missing VirtFS request's header");
> + exit(1);
> + }
Can the guest trigger this?
> + if (elem->in_num == 0) {
> + virtio_9p_error("missing VirtFS reply's header");
> + exit(1);
> + }
Same question.
> QEMU_BUILD_BUG_ON(sizeof out != 7);
>
> v->elems[pdu->idx] = elem;
> len = iov_to_buf(elem->out_sg, elem->out_num, 0,
> &out, sizeof out);
> - BUG_ON(len != sizeof out);
> + if (len != sizeof out) {
> + virtio_9p_error("malformed VirtFS request");
> + exit(1);
> + }
Same question.
>
> pdu->size = le32_to_cpu(out.size_le);
>
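Review bot: The three new `exit(1)` calls in handle_9p_output make a malformed virtqueue element from the guest driver terminate the whole QEMU process, so a buggy or hostile guest-side driver costs the VM every other device and any in-flight state, not just virtio-9p; the commit message itself describes these conditions as guest-originated, which is exactly the case where the host should fail the device rather than the process. The defensive shape is to report the problem, stop processing this queue and leave the device in a failed state — if the tree offers a way to mark a virtio device broken, each site should call it and then `return;` in place of `exit(1);`, and if it does not, the decision to take down the VM on guest input deserves a comment at the first check explaining why that is acceptable here. Since the report-then-exit pair is repeated three times, the consequence could also live in the helper added earlier in this patch so the policy is changed in one place if it is later relaxed. handle_9p_output begins and ends outside this hunk, so whether the popped element needs to be returned to the queue on the early-out path cannot be judged from here.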