[PULL 32/32] Fixed assert in vhost_user_set_mem_table_postcopy
From: Michael S. Tsirkin
Date: Tue, 25 Feb 2020 10:15:08 -0500

From: Raphael Norwitz <address@hidden>

The current vhost_user_set_mem_table_postcopy() implementation
populates each region of the VHOST_USER_SET_MEM_TABLE message without
first checking if there are more than VHOST_MEMORY_MAX_NREGIONS already
populated. This can cause memory corruption if too many regions are
added to the message during the postcopy step.

This change moves an existing assert up such that attempting to
construct a VHOST_USER_SET_MEM_TABLE message with too many memory
regions will gracefully bring down qemu instead of corrupting memory.

Signed-off-by: Raphael Norwitz <address@hidden>
Signed-off-by: Peter Turschmid <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
---
hw/virtio/vhost-user.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index 35baf4f347..08e7e63790 100644
--- a/hw/virtio/vhost-user.c
+++ b/hw/virtio/vhost-user.c
@@ -443,6 +443,7 @@ static int vhost_user_set_mem_table_postcopy(struct
vhost_dev *dev,
&offset);
fd = memory_region_get_fd(mr);
if (fd > 0) {
+ assert(fd_num < VHOST_MEMORY_MAX_NREGIONS);
trace_vhost_user_set_mem_table_withfd(fd_num, mr->name,
reg->memory_size,
reg->guest_phys_addr,
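Review bot: The bound check placed before trace_vhost_user_set_mem_table_withfd() is an assert(), so when fd_num reaches VHOST_MEMORY_MAX_NREGIONS the only outcome is an abort of the whole process, and in any build that defines NDEBUG the check disappears and the stores into msg.payload.memory.regions[fd_num] run out of bounds again. The function returns int, so consider an explicit test at this point that reports the error and returns a failure code to the caller; that keeps the check in every build and lets the caller fail the operation instead of taking the guest down. The placement itself is right, since the check now comes before the region stores.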
@@ -455,7 +456,6 @@ static int vhost_user_set_mem_table_postcopy(struct
vhost_dev *dev,
msg.payload.memory.regions[fd_num].guest_phys_addr =
reg->guest_phys_addr;
msg.payload.memory.regions[fd_num].mmap_offset = offset;
- assert(fd_num < VHOST_MEMORY_MAX_NREGIONS);
fds[fd_num++] = fd;
} else {
u->region_rb_offset[i] = 0;
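Review bot: With the assert removed from this spot, the store fds[fd_num++] = fd has no check of its own and depends on the assert earlier in the same branch, which is written against VHOST_MEMORY_MAX_NREGIONS, the region limit named in the commit message. The declaration of fds is not in the visible context, so please confirm it holds at least VHOST_MEMORY_MAX_NREGIONS entries, and add a short comment at the assert stating that it guards both msg.payload.memory.regions[] and fds[], so a later change to either size does not silently reopen the overflow.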
--
MST