ivshmem: error on too many eventfd received

The number of eventfd that can be handled per peer is limited by the
number of vectors. Return an error when receiving too many of them.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Claudio Fontana <claudio.fontana@huawei.com>

1 files changed, 7 insertions, 0 deletions

diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c
index 0e31d1d44c..d5207eecc1 100644
--- a/hw/misc/ivshmem.c
+++ b/hw/misc/ivshmem.c
@@ -571,6 +571,13 @@ static void ivshmem_read(void *opaque, const uint8_t *buf, int size)
     /* each peer has an associated array of eventfds, and we keep
      * track of how many eventfds received so far */
     /* get a new eventfd: */
+    if (peer->nb_eventfds >= s->vectors) {
+        error_report("Too many eventfd received, device has %d vectors",
+                     s->vectors);
+        close(incoming_fd);
+        return;
+    }
+
     new_eventfd = peer->nb_eventfds++;
 
     /* this is an eventfd for a particular peer VM */