[PULL 08/32] libvhost-user: Add vu_rem_mem_reg input validation
From: Michael S. Tsirkin
Subject: [PULL 08/32] libvhost-user: Add vu_rem_mem_reg input validation
Date: Fri, 4 Feb 2022 20:42:56 -0500

From: Raphael Norwitz <raphael.norwitz@nutanix.com>

Today if multiple FDs are sent from the VMM to the backend in a
VHOST_USER_REM_MEM_REG message, one FD will be unmapped and the remaining
FDs will be leaked. Therefore if multiple FDs are sent we report an
error and fail the operation, closing all FDs in the message.

Likewise in case the VMM sends a message with a size less than that of a
memory region descriptor, we add a check to gracefully report an error
and fail the operation rather than crashing.

Signed-off-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Message-Id: <20220117041050.19718-2-raphael.norwitz@nutanix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
---
subprojects/libvhost-user/libvhost-user.h | 2 ++
subprojects/libvhost-user/libvhost-user.c | 15 +++++++++++++++
2 files changed, 17 insertions(+)
diff --git a/subprojects/libvhost-user/libvhost-user.h
b/subprojects/libvhost-user/libvhost-user.h
index 3d13dfadde..cde9f07bb3 100644
--- a/subprojects/libvhost-user/libvhost-user.h
+++ b/subprojects/libvhost-user/libvhost-user.h
@@ -129,6 +129,8 @@ typedef struct VhostUserMemoryRegion {
uint64_t mmap_offset;
} VhostUserMemoryRegion;
+#define VHOST_USER_MEM_REG_SIZE (sizeof(VhostUserMemoryRegion))
+
typedef struct VhostUserMemory {
uint32_t nregions;
uint32_t padding;
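Review bot: the new VHOST_USER_MEM_REG_SIZE define, placed right after the VhostUserMemoryRegion typedef, has no comment saying what it is meant to be compared against. A one-line comment stating that it is the minimum payload size for a message carrying a single memory region descriptor, and that the value is a size_t, would make the intent clear to other users of the header.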
diff --git a/subprojects/libvhost-user/libvhost-user.c
b/subprojects/libvhost-user/libvhost-user.c
index 787f4d2d4f..b09b1c269e 100644
--- a/subprojects/libvhost-user/libvhost-user.c
+++ b/subprojects/libvhost-user/libvhost-user.c
@@ -801,6 +801,21 @@ vu_rem_mem_reg(VuDev *dev, VhostUserMsg *vmsg) {
VuDevRegion shadow_regions[VHOST_USER_MAX_RAM_SLOTS] = {};
VhostUserMemoryRegion m = vmsg->payload.memreg.region, *msg_region = &m;
+ if (vmsg->fd_num != 1) {
+ vmsg_close_fds(vmsg);
+ vu_panic(dev, "VHOST_USER_REM_MEM_REG received %d fds - only 1 fd "
+ "should be sent for this message type", vmsg->fd_num);
+ return false;
+ }
+
+ if (vmsg->size < VHOST_USER_MEM_REG_SIZE) {
+ close(vmsg->fds[0]);
+ vu_panic(dev, "VHOST_USER_REM_MEM_REG requires a message size of at "
+ "least %d bytes and only %d bytes were received",
+ VHOST_USER_MEM_REG_SIZE, vmsg->size);
+ return false;
+ }
+
DPRINT("Removing region:\n");
DPRINT(" guest_phys_addr: 0x%016"PRIx64"\n",
msg_region->guest_phys_addr);
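Review bot: in the size check, the vu_panic() format string prints VHOST_USER_MEM_REG_SIZE with %d, but the macro is a sizeof expression and therefore has type size_t; passing it to a %d conversion is a type mismatch in a variadic call and is undefined behaviour where size_t is wider than int. Use %zu for it, and confirm that the specifiers used for vmsg->size and vmsg->fd_num match their declared types, which are not visible in this hunk. Separately, the first error path releases descriptors with vmsg_close_fds(vmsg) while the second calls close(vmsg->fds[0]) directly; using vmsg_close_fds(vmsg) in both keeps the cleanup in one place.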
--
MST