[PULL 09/32] libvhost-user: Add vu_add_mem_reg input validation
From: Michael S. Tsirkin
Subject: [PULL 09/32] libvhost-user: Add vu_add_mem_reg input validation
Date: Fri, 4 Feb 2022 20:42:58 -0500

From: Raphael Norwitz <raphael.norwitz@nutanix.com>

Today if multiple FDs are sent from the VMM to the backend in a
VHOST_USER_ADD_MEM_REG message, one FD will be mapped and the remaining
FDs will be leaked. Therefore if multiple FDs are sent we report an
error and fail the operation, closing all FDs in the message.

Likewise in case the VMM sends a message with a size less than that
of a memory region descriptor, we add a check to gracefully report an
error and fail the operation rather than crashing.

Signed-off-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Message-Id: <20220117041050.19718-3-raphael.norwitz@nutanix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
---
subprojects/libvhost-user/libvhost-user.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/subprojects/libvhost-user/libvhost-user.c
b/subprojects/libvhost-user/libvhost-user.c
index b09b1c269e..1a8fc9d600 100644
--- a/subprojects/libvhost-user/libvhost-user.c
+++ b/subprojects/libvhost-user/libvhost-user.c
@@ -690,6 +690,21 @@ vu_add_mem_reg(VuDev *dev, VhostUserMsg *vmsg) {
VuDevRegion *dev_region = &dev->regions[dev->nregions];
void *mmap_addr;
+ if (vmsg->fd_num != 1) {
+ vmsg_close_fds(vmsg);
+ vu_panic(dev, "VHOST_USER_ADD_MEM_REG received %d fds - only 1 fd "
+ "should be sent for this message type", vmsg->fd_num);
+ return false;
+ }
+
+ if (vmsg->size < VHOST_USER_MEM_REG_SIZE) {
+ close(vmsg->fds[0]);
+ vu_panic(dev, "VHOST_USER_ADD_MEM_REG requires a message size of at "
+ "least %d bytes and only %d bytes were received",
+ VHOST_USER_MEM_REG_SIZE, vmsg->size);
+ return false;
+ }
+
/*
* If we are in postcopy mode and we receive a u64 payload with a 0 value
* we know all the postcopy client bases have been received, and we
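
Review bot: The size check's error path calls close(vmsg->fds[0]) directly, while the fd_num check just above it uses vmsg_close_fds(vmsg); using the helper in both paths would keep the cleanup uniform and would stay correct if the fd_num condition is ever relaxed. Both vu_panic calls format vmsg->fd_num, vmsg->size and VHOST_USER_MEM_REG_SIZE with %d; their types are not visible in this hunk, so it is worth confirming the specifiers match (an unsigned field or a sizeof-based macro would want %u or %zu). The fd_num != 1 test also rejects a message carrying zero fds, which the commit message does not mention; a one-line comment saying so would help the next reader.
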
--
MST