[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v5 48/50] multi-process: Validate incoming commands from Proxy
|
From: |
Jagannathan Raman |
|
Subject: |
[PATCH v5 48/50] multi-process: Validate incoming commands from Proxy |
|
Date: |
Mon, 24 Feb 2020 15:55:39 -0500 |
From: Elena Ufimtseva <address@hidden>
Validate the incoming commands to confirm that they would not cause any
errors in the remote process.
Signed-off-by: Elena Ufimtseva <address@hidden>
Signed-off-by: Jagannathan Raman <address@hidden>
Signed-off-by: John G Johnson <address@hidden>
---
hw/proxy/qemu-proxy.c | 6 +++-
include/io/mpqemu-link.h | 2 ++
io/mpqemu-link.c | 75 +++++++++++++++++++++++++++++++++++++++++++++++-
remote/remote-main.c | 4 +++
4 files changed, 85 insertions(+), 2 deletions(-)
diff --git a/hw/proxy/qemu-proxy.c b/hw/proxy/qemu-proxy.c
index 4d4eff4..7330094 100644
--- a/hw/proxy/qemu-proxy.c
+++ b/hw/proxy/qemu-proxy.c
@@ -868,7 +868,11 @@ static void send_bar_access_msg(PCIProxyDev *dev,
MemoryRegion *mr,
mpqemu_msg_recv(&ret, mpqemu_link->mmio);
- *val = ret.data1.mmio_ret.val;
+ if (!mpqemu_msg_valid(&ret)) {
+ *val = 0;
+ } else {
+ *val = ret.data1.mmio_ret.val;
+ }
}
void proxy_default_bar_write(void *opaque, hwaddr addr, uint64_t val,
diff --git a/include/io/mpqemu-link.h b/include/io/mpqemu-link.h
index 722f08c..2f44f31 100644
--- a/include/io/mpqemu-link.h
+++ b/include/io/mpqemu-link.h
@@ -213,4 +213,6 @@ void mpqemu_start_coms(MPQemuLinkState *s);
uint64_t wait_for_remote(int efd);
void notify_proxy(int fd, uint64_t val);
+bool mpqemu_msg_valid(MPQemuMsg *msg);
+
#endif
diff --git a/io/mpqemu-link.c b/io/mpqemu-link.c
index 07a9be9..298bb58 100644
--- a/io/mpqemu-link.c
+++ b/io/mpqemu-link.c
@@ -65,7 +65,7 @@ void mpqemu_link_finalize(MPQemuLinkState *s)
void mpqemu_msg_send(MPQemuMsg *msg, MPQemuChannel *chan)
{
int rc;
- uint8_t *data;
+ uint8_t *data = NULL;
union {
char control[CMSG_SPACE(REMOTE_MAX_FDS * sizeof(int))];
struct cmsghdr align;
@@ -335,3 +335,76 @@ void mpqemu_start_coms(MPQemuLinkState *s)
g_main_loop_run(s->loop);
}
+
+bool mpqemu_msg_valid(MPQemuMsg *msg)
+{
+ if (msg->cmd >= MAX) {
+ return false;
+ }
+
+ if (msg->bytestream) {
+ if (!msg->data2) {
+ return false;
+ }
+ } else {
+ if (msg->data2) {
+ return false;
+ }
+ }
+
+ /* Verify FDs. */
+ if (msg->num_fds >= REMOTE_MAX_FDS) {
+ return false;
+ }
+ if (msg->num_fds > 0) {
+ for (int i = 0; i < msg->num_fds; i++) {
+ if (fcntl(msg->fds[i], F_GETFL) == -1) {
+ return false;
+ }
+ }
+ }
+
+ /* Verify ID size. */
+ if (msg->id >= UINT64_MAX) {
+ return false;
+ }
+
+ /* Verify message specific fields. */
+ switch (msg->cmd) {
+ case SYNC_SYSMEM:
+ if (msg->num_fds == 0 || msg->bytestream != 0) {
+ return false;
+ }
+ if (msg->size != sizeof(msg->data1)) {
+ return false;
+ }
+ break;
+ case PCI_CONFIG_WRITE:
+ case PCI_CONFIG_READ:
+ if (msg->size != sizeof(struct conf_data_msg)) {
+ return false;
+ }
+ break;
+ case BAR_WRITE:
+ case BAR_READ:
+ case SET_IRQFD:
+ case MMIO_RETURN:
+ case DEVICE_RESET:
+ case RUNSTATE_SET:
+ if (msg->size != sizeof(msg->data1)) {
+ return false;
+ }
+ break;
+ case PROXY_PING:
+ case START_MIG_OUT:
+ case START_MIG_IN:
+ if (msg->size != 0) {
+ return false;
+ }
+ break;
+ default:
+ break;
+ }
+
+ return true;
+}
diff --git a/remote/remote-main.c b/remote/remote-main.c
index 20d160e..c4aa3e0 100644
--- a/remote/remote-main.c
+++ b/remote/remote-main.c
@@ -435,6 +435,10 @@ static void process_msg(GIOCondition cond, MPQemuChannel
*chan)
if (msg->id > MAX_REMOTE_DEVICES) {
error_setg(&err, "id of the device is larger than max number of "\
"devices per remote process.");
+ }
+
+ if (!mpqemu_msg_valid(msg)) {
+ error_setg(&err, "Message is not valid");
goto finalize_loop;
}
--
1.8.3.1
- [PATCH v5 30/50] multi-process: send heartbeat messages to remote, (continued)
- [PATCH v5 30/50] multi-process: send heartbeat messages to remote, Jagannathan Raman, 2020/02/24
- [PATCH v5 31/50] multi-process: handle heartbeat messages in remote process, Jagannathan Raman, 2020/02/24
- [PATCH v5 38/50] multi-process/mon: Initialize QMP module for remote processes, Jagannathan Raman, 2020/02/24
- [PATCH v5 43/50] multi-process/mig: Load VMSD in the proxy object, Jagannathan Raman, 2020/02/24
- [PATCH v5 42/50] multi-process/mig: Send VMSD of remote to the Proxy object, Jagannathan Raman, 2020/02/24
- [PATCH v5 37/50] multi-process/mon: Refactor monitor/chardev functions out of vl.c, Jagannathan Raman, 2020/02/24
- [PATCH v5 36/50] multi-process/mon: enable QMP module support in the remote process, Jagannathan Raman, 2020/02/24
- [PATCH v5 45/50] multi-process/mig: Synchronize runstate of remote process, Jagannathan Raman, 2020/02/24
- [PATCH v5 46/50] multi-process/mig: Restore the VMSD in remote process, Jagannathan Raman, 2020/02/24
- [PATCH v5 39/50] multi-process: prevent duplicate memory initialization in remote, Jagannathan Raman, 2020/02/24
- [PATCH v5 48/50] multi-process: Validate incoming commands from Proxy,
Jagannathan Raman <=
- [PATCH v5 41/50] multi-process/mig: Enable VMSD save in the Proxy object, Jagannathan Raman, 2020/02/24
- [PATCH v5 50/50] multi-process: add configure and usage information, Jagannathan Raman, 2020/02/24
- [PATCH v5 40/50] multi-process/mig: build migration module in the remote process, Jagannathan Raman, 2020/02/24
- [PATCH v5 44/50] multi-process/mig: refactor runstate_check into common file, Jagannathan Raman, 2020/02/24
- [PATCH v5 47/50] multi-process: Enable support for multiple devices in remote, Jagannathan Raman, 2020/02/24