1 /*
2 * Coroutine-aware I/O functions
3 *
4 * Copyright (C) 2009-2010 Nippon Telegraph and Telephone Corporation.
5 * Copyright (c) 2011, Red Hat, Inc.
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
25 #include "qemu/osdep.h"
26 #include "qemu-common.h"
27 #include "qemu/sockets.h"
28 #include "qemu/coroutine.h"
29 #include "qemu/iov.h"
30 #include "qemu/main-loop.h"
31
/*
 * Send (do_send == true) or receive (do_send == false) up to @bytes bytes
 * on @sockfd through @iov, starting @offset bytes into the vector.  The
 * coroutine yields whenever the transfer fails with EAGAIN/EWOULDBLOCK.
 *
 * Returns the number of bytes transferred, which can be LESS than @bytes:
 *   - a receive stops at end-of-file (iov_send_recv() returning 0);
 *   - an error hit after some data has already moved ends the loop and the
 *     short count is returned; the errno value is not reported.
 * Returns -errno only when the failure happens before any byte moved.
 * Callers must treat a short count as an incomplete transfer, not success.
 *
 * No fd handler is armed here before yielding, so something else has to
 * re-enter the coroutine once the socket is ready again.
 *
 * @offset and @bytes are handed to iov_send_recv() without any check in
 * this function.  NOTE(review): confirm that callers derive them from the
 * real size of @iov, in particular when the values originate from a peer
 * or a guest.
 */
ssize_t coroutine_fn
qemu_co_sendv_recvv(int sockfd, struct iovec *iov, unsigned iov_cnt,
                    size_t offset, size_t bytes, bool do_send)
{
    size_t transferred = 0;

    while (transferred < bytes) {
        ssize_t n = iov_send_recv(sockfd, iov, iov_cnt,
                                  offset + transferred,
                                  bytes - transferred, do_send);

        if (n > 0) {
            transferred += n;
            continue;
        }

        if (n == 0) {
            /*
             * recv: 0 means end-of-file, retrying is pointless.
             * send: 0 is not expected; the call is simply retried, and
             * the retry happens immediately, without yielding.
             */
            if (!do_send) {
                break;
            }
            continue;
        }

        /* n < 0: errno describes the failure. */
        if (errno == EAGAIN || errno == EWOULDBLOCK) {
            qemu_coroutine_yield();
            continue;
        }
        if (transferred == 0) {
            return -errno;
        }
        /* Partial progress: report the short count instead of the error. */
        break;
    }

    return transferred;
}
61
/*
 * Single-buffer convenience wrapper around qemu_co_sendv_recvv(): wraps
 * @buf/@bytes in a one-element iovec and transfers it from offset 0.
 *
 * The return value is whatever qemu_co_sendv_recvv() returns, so it can be
 * a short count or a negative errno.  @buf must be valid for @bytes bytes;
 * nothing here can verify that.
 */
ssize_t coroutine_fn
qemu_co_send_recv(int sockfd, void *buf, size_t bytes, bool do_send)
{
    struct iovec single;

    single.iov_base = buf;
    single.iov_len = bytes;

    return qemu_co_sendv_recvv(sockfd, &single, 1, 0, bytes, do_send);
}
68
/*
 * State handed to fd_coroutine_enter() through the fd handler's opaque
 * pointer: which coroutine to resume and which fd the handler was
 * registered on.
 */
typedef struct {
    Coroutine *co;  /* coroutine to re-enter when the fd fires */
    int fd;         /* descriptor whose handler must be removed */
} FDYieldUntilData;
73
/*
 * fd handler callback: @opaque is the FDYieldUntilData registered by
 * yield_until_fd_readable().
 *
 * The handler is removed BEFORE the coroutine is resumed.  @opaque points
 * at a local variable of yield_until_fd_readable(), which goes out of scope
 * once that function returns after being resumed, so the registration must
 * not outlive this call.
 */
static void fd_coroutine_enter(void *opaque)
{
    FDYieldUntilData *waiter = opaque;
    int fd = waiter->fd;
    Coroutine *co = waiter->co;

    qemu_set_fd_handler(fd, NULL, NULL, NULL);
    qemu_coroutine_enter(co, NULL);
}
80
/*
 * Suspend the calling coroutine until the fd handler registered here on
 * @fd runs and re-enters it.  Must be called from coroutine context
 * (asserted).
 *
 * The handler's opaque pointer refers to a local variable of this function.
 * That is only sound while the coroutine stays suspended inside this call
 * and is resumed by fd_coroutine_enter(), which unregisters the handler
 * first.
 * NOTE(review): this function does not unregister the handler itself after
 * the yield returns.  If any other path can re-enter the coroutine, the
 * handler would be left holding a dangling pointer; confirm that callers
 * rule this out.
 * NOTE(review): fd_coroutine_enter() clears every handler on @fd, so a
 * handler that was installed on @fd beforehand is presumably lost; verify
 * against callers.
 */
void coroutine_fn yield_until_fd_readable(int fd)
{
    FDYieldUntilData waiter;

    assert(qemu_in_coroutine());

    waiter.co = qemu_coroutine_self();
    waiter.fd = fd;

    qemu_set_fd_handler(fd, fd_coroutine_enter, NULL, &waiter);
    qemu_coroutine_yield();
}