33
33
#include <stdlib.h>
34
34
#include <string.h>
35
35
#include <unistd.h>
36
- #include <assert.h>
37
36
#include <openssl/md5.h>
38
37
#include <pthread.h>
39
38
#include <sys/ioctl.h>
@@ -345,11 +344,17 @@ rx_iov_trim(struct iovec *iov, int *niov, int tlen)
345
344
struct iovec * riov ;
346
345
347
346
/* XXX short-cut: assume first segment is >= tlen */
348
- assert (iov [0 ].iov_len >= tlen );
347
+ if (iov [0 ].iov_len < tlen ) {
348
+ WPRINTF (("vtnet: rx_iov_trim: iov_len=%lu, tlen=%d\n" , iov [0 ].iov_len , tlen ));
349
+ return NULL ;
350
+ }
349
351
350
352
iov [0 ].iov_len -= tlen ;
351
353
if (iov [0 ].iov_len == 0 ) {
352
- assert (* niov > 1 );
354
+ if (* niov <= 1 ) {
355
+ WPRINTF (("vtnet: rx_iov_trim: *niov=%d\n" , * niov ));
356
+ return NULL ;
357
+ }
353
358
* niov -= 1 ;
354
359
riov = & iov [1 ];
355
360
} else {
@@ -373,7 +378,10 @@ virtio_net_tap_rx(struct virtio_net *net)
373
378
/*
374
379
* Should never be called without a valid tap fd
375
380
*/
376
- assert (net -> tapfd != -1 );
381
+ if (net -> tapfd == -1 ) {
382
+ WPRINTF (("vtnet: tapfd == -1\n" ));
383
+ return ;
384
+ }
377
385
378
386
/*
379
387
* But, will be called when the rx ring hasn't yet
@@ -410,14 +418,18 @@ virtio_net_tap_rx(struct virtio_net *net)
410
418
* Get descriptor chain.
411
419
*/
412
420
n = vq_getchain (vq , & idx , iov , VIRTIO_NET_MAXSEGS , NULL );
413
- assert (n >= 1 && n <= VIRTIO_NET_MAXSEGS );
414
-
421
+ if (n < 1 || n > VIRTIO_NET_MAXSEGS ) {
422
+ WPRINTF (("vtnet: virtio_net_tap_rx: vq_getchain = %d\n" , n ));
423
+ return ;
424
+ }
415
425
/*
416
426
* Get a pointer to the rx header, and use the
417
427
* data immediately following it for the packet buffer.
418
428
*/
419
429
vrx = iov [0 ].iov_base ;
420
430
riov = rx_iov_trim (iov , & n , net -> rx_vhdrlen );
431
+ if (riov == NULL )
432
+ return ;
421
433
422
434
len = readv (net -> tapfd , riov , n );
423
435
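Review bot: The new `if (riov == NULL) return;` leaves `virtio_net_tap_rx` after `vq_getchain` has already handed out a descriptor chain, and nothing visible in this hunk gives that chain back to the ring or completes it with a zero length. The segment lengths that make `rx_iov_trim` fail come from guest-supplied descriptors, so a guest could presumably drive every receive attempt down this path, stranding rx descriptors and producing one `WPRINTF` line per attempt. Before returning, the chain should be returned or released with whatever helper the virtqueue layer provides for that, and the warning is worth rate-limiting. The function body starts and ends outside the hunk, so whether the caller recovers from the early return is not visible here.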
@@ -495,7 +507,10 @@ virtio_net_proctx(struct virtio_net *net, struct virtio_vq_info *vq)
495
507
* up two lengths: packet length and transfer length.
496
508
*/
497
509
n = vq_getchain (vq , & idx , iov , VIRTIO_NET_MAXSEGS , NULL );
498
- assert (n >= 1 && n <= VIRTIO_NET_MAXSEGS );
510
+ if (n < 1 || n > VIRTIO_NET_MAXSEGS ) {
511
+ WPRINTF (("vtnet: virtio_net_proctx: vq_getchain = %d\n" , n ));
512
+ return ;
513
+ }
499
514
plen = 0 ;
500
515
tlen = iov [0 ].iov_len ;
501
516
for (i = 1 ; i < n ; i ++ ) {
@@ -537,18 +552,15 @@ virtio_net_tx_thread(void *param)
537
552
{
538
553
struct virtio_net * net = param ;
539
554
struct virtio_vq_info * vq = & net -> queues [VIRTIO_NET_TXQ ];
540
- int error ;
541
555
542
556
/*
543
557
* Let us wait till the tx queue pointers get initialised &
544
558
* first tx signaled
545
559
*/
546
560
pthread_mutex_lock (& net -> tx_mtx );
547
561
548
- while (!net -> closing && !vq_ring_ready (vq )) {
549
- error = pthread_cond_wait (& net -> tx_cond , & net -> tx_mtx );
550
- assert (error == 0 );
551
- }
562
+ while (!net -> closing && !vq_ring_ready (vq ))
563
+ pthread_cond_wait (& net -> tx_cond , & net -> tx_mtx );
552
564
553
565
if (net -> closing ) {
554
566
WPRINTF (("vtnet tx thread closing...\n" ));
@@ -572,8 +584,8 @@ virtio_net_tx_thread(void *param)
572
584
if (!net -> resetting && vq_has_descs (vq ))
573
585
break ;
574
586
575
- error = pthread_cond_wait (& net -> tx_cond , & net -> tx_mtx );
576
- assert ( error == 0 );
587
+ pthread_cond_wait (& net -> tx_cond , & net -> tx_mtx );
588
+
577
589
if (net -> closing ) {
578
590
WPRINTF (("vtnet tx thread closing...\n" ));
579
591
pthread_mutex_unlock (& net -> tx_mtx );
@@ -901,7 +913,10 @@ virtio_net_cfgwrite(void *vdev, int offset, int size, uint32_t value)
901
913
void * ptr ;
902
914
903
915
if (offset < 6 ) {
904
- assert (offset + size <= 6 );
916
+ if (offset + size > 6 ) {
917
+ DPRINTF (("vtnet: wrong params offset=%d, size=%d, ignore write mac address\n\r" , offset , size ));
918
+ return -1 ;
919
+ }
905
920
/*
906
921
* The driver is allowed to change the MAC address
907
922
*/
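Review bot: The replacement check `if (offset + size > 6)` still accepts a negative `offset`: both parameters are plain `int`, so a negative value passes `offset < 6` and can keep the sum at or below 6. If the code after this hunk uses `offset` to index the 6-byte MAC area, which the comment suggests but the hunk does not show, that would be a write before the buffer triggered by a guest config access. Unless the caller already guarantees the range, consider `if (offset < 0 || size < 0 || size > 6 - offset)`, which also avoids the signed addition, and give the `6` a named constant for the MAC length. This branch also logs with `DPRINTF` and ends its message with `\n\r`, while the other checks added in this commit use `WPRINTF` and `\n`.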