Re: [PATCH v3 2/6] libvhost-user: Add vu_add_mem

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 2/6] libvhost-user: Add vu_add_mem_reg input validation

From:	David Hildenbrand
Subject:	Re: [PATCH v3 2/6] libvhost-user: Add vu_add_mem_reg input validation
Date:	Mon, 17 Jan 2022 09:19:47 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.4.0

On 17.01.22 05:12, Raphael Norwitz wrote:
> Today if multiple FDs are sent from the VMM to the backend in a
> VHOST_USER_ADD_MEM_REG message, one FD will be mapped and the remaining
> FDs will be leaked. Therefore if multiple FDs are sent we report an
> error and fail the operation, closing all FDs in the message.
> 
> Likewise in case the VMM sends a message with a size less than that
> of a memory region descriptor, we add a check to gracefully report an
> error and fail the operation rather than crashing.
> 
> Signed-off-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
> ---
>  subprojects/libvhost-user/libvhost-user.c | 15 +++++++++++++++
>  1 file changed, 15 insertions(+)
> 
> diff --git a/subprojects/libvhost-user/libvhost-user.c 
> b/subprojects/libvhost-user/libvhost-user.c
> index b09b1c269e..1a8fc9d600 100644
> --- a/subprojects/libvhost-user/libvhost-user.c
> +++ b/subprojects/libvhost-user/libvhost-user.c
> @@ -690,6 +690,21 @@ vu_add_mem_reg(VuDev *dev, VhostUserMsg *vmsg) {
>      VuDevRegion *dev_region = &dev->regions[dev->nregions];
>      void *mmap_addr;
>  
> +    if (vmsg->fd_num != 1) {
> +        vmsg_close_fds(vmsg);
> +        vu_panic(dev, "VHOST_USER_ADD_MEM_REG received %d fds - only 1 fd "
> +                      "should be sent for this message type", vmsg->fd_num);
> +        return false;
> +    }
> +
> +    if (vmsg->size < VHOST_USER_MEM_REG_SIZE) {
> +        close(vmsg->fds[0]);

Same comment as for patch #1

Reviewed-by: David Hildenbrand <david@redhat.com>


-- 
Thanks,

David / dhildenb

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v3 0/6] Clean up error handling in libvhost-user memory mapping, Raphael Norwitz, 2022/01/16
- [PATCH v3 1/6] libvhost-user: Add vu_rem_mem_reg input validation, Raphael Norwitz, 2022/01/16
  - Re: [PATCH v3 1/6] libvhost-user: Add vu_rem_mem_reg input validation, David Hildenbrand, 2022/01/17
- [PATCH v3 2/6] libvhost-user: Add vu_add_mem_reg input validation, Raphael Norwitz, 2022/01/16
  - Re: [PATCH v3 2/6] libvhost-user: Add vu_add_mem_reg input validation, David Hildenbrand <=
- [PATCH v3 3/6] libvhost-user: Simplify VHOST_USER_REM_MEM_REG, Raphael Norwitz, 2022/01/16
- [PATCH v3 5/6] libvhost-user: prevent over-running max RAM slots, Raphael Norwitz, 2022/01/16
  - Re: [PATCH v3 5/6] libvhost-user: prevent over-running max RAM slots, David Hildenbrand, 2022/01/17
    - Re: [PATCH v3 5/6] libvhost-user: prevent over-running max RAM slots, Philippe Mathieu-Daudé, 2022/01/17
- [PATCH v3 4/6] libvhost-user: fix VHOST_USER_REM_MEM_REG not closing the fd, Raphael Norwitz, 2022/01/16
- [PATCH v3 6/6] libvhost-user: handle removal of identical regions, Raphael Norwitz, 2022/01/16
  - Re: [PATCH v3 6/6] libvhost-user: handle removal of identical regions, David Hildenbrand, 2022/01/17

Prev by Date: Re: [PATCH v3 1/6] libvhost-user: Add vu_rem_mem_reg input validation
Next by Date: Re: [PATCH v3 5/6] libvhost-user: prevent over-running max RAM slots
Previous by thread: [PATCH v3 2/6] libvhost-user: Add vu_add_mem_reg input validation
Next by thread: [PATCH v3 3/6] libvhost-user: Simplify VHOST_USER_REM_MEM_REG
Index(es):
- Date
- Thread