[PULL v2 30/30] Fixed assert in vhost_user_set_mem_table_postcopy
From: Michael S. Tsirkin
Subject: [PULL v2 30/30] Fixed assert in vhost_user_set_mem_table_postcopy
Date: Wed, 26 Feb 2020 04:08:04 -0500

From: Raphael Norwitz <address@hidden>

The current vhost_user_set_mem_table_postcopy() implementation
populates each region of the VHOST_USER_SET_MEM_TABLE message without
first checking if there are more than VHOST_MEMORY_MAX_NREGIONS already
populated. This can cause memory corruption if too many regions are
added to the message during the postcopy step.

This change moves an existing assert up such that attempting to
construct a VHOST_USER_SET_MEM_TABLE message with too many memory
regions will gracefully bring down qemu instead of corrupting memory.

Signed-off-by: Raphael Norwitz <address@hidden>
Signed-off-by: Peter Turschmid <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Michael S. Tsirkin <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
---
hw/virtio/vhost-user.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index 35baf4f347..08e7e63790 100644
--- a/hw/virtio/vhost-user.c
+++ b/hw/virtio/vhost-user.c
@@ -443,6 +443,7 @@ static int vhost_user_set_mem_table_postcopy(struct
vhost_dev *dev,
&offset);
fd = memory_region_get_fd(mr);
if (fd > 0) {
+ assert(fd_num < VHOST_MEMORY_MAX_NREGIONS);
trace_vhost_user_set_mem_table_withfd(fd_num, mr->name,
reg->memory_size,
reg->guest_phys_addr,
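Review bot: the bounds check added at the top of the `if (fd > 0)` branch is an assert, so reaching the limit aborts the whole process rather than failing this one operation. The function returns int, so consider an explicit test at the same spot, for example `if (fd_num >= VHOST_MEMORY_MAX_NREGIONS) { return -1; }` with an error message, so the caller can reject the oversized memory table. If the abort is intended, a one-line comment above the assert saying that it guards the regions[] and fds[] stores that follow would keep it from being moved back down later.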
@@ -455,7 +456,6 @@ static int vhost_user_set_mem_table_postcopy(struct
vhost_dev *dev,
msg.payload.memory.regions[fd_num].guest_phys_addr =
reg->guest_phys_addr;
msg.payload.memory.regions[fd_num].mmap_offset = offset;
- assert(fd_num < VHOST_MEMORY_MAX_NREGIONS);
fds[fd_num++] = fd;
} else {
u->region_rb_offset[i] = 0;
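Review bot: with the assert removed from just above `fds[fd_num++] = fd;`, that store and the `msg.payload.memory.regions[fd_num]` stores before it have no adjacent check and depend on the one placed earlier in the branch. That is only sufficient if fds[] is declared with at least VHOST_MEMORY_MAX_NREGIONS entries, which is not visible in this hunk; please confirm the declaration uses the same constant. It is also worth confirming that no path between the new assert and these stores changes fd_num.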
--
MST