From: Vladimir Sementsov-Ogievskiy
Subject: [PATCH v3 6/6] io/channel-socket: qio_channel_socket_flush(): improve msg validation
Date: Tue, 17 Oct 2023 15:59:41 +0300

For SO_EE_ORIGIN_ZEROCOPY the 32-bit notification range is encoded
as [ee_info, ee_data] inclusively, so ee_info should be less or
equal to ee_data.
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Reviewed-by: Maksim Davydov <davydov-max@yandex-team.ru>
---
io/channel-socket.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/io/channel-socket.c b/io/channel-socket.c
index 02ffb51e99..3a899b0608 100644
--- a/io/channel-socket.c
+++ b/io/channel-socket.c
@@ -782,6 +782,11 @@ static int qio_channel_socket_flush(QIOChannel *ioc,
"Error not from zero copy");
return -1;
}
+ if (serr->ee_data < serr->ee_info) {
+ error_setg_errno(errp, serr->ee_origin,
+ "Wrong notification bounds");
+ return -1;
+ }
/* No errors, count successfully finished sendmsg()*/
sioc->zero_copy_sent += serr->ee_data - serr->ee_info + 1;
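Review bot: In the added branch, `error_setg_errno(errp, serr->ee_origin, "Wrong notification bounds")` passes ee_origin as the errno argument, but ee_origin is an origin code (SO_EE_ORIGIN_ZEROCOPY once this point is reached, per the commit message), not an errno value, so the reported error would carry an unrelated strerror() text. Prefer error_setg() here, or pass a real errno such as EINVAL. It would also help diagnosis to include both bounds in the message, for example "Wrong notification bounds: ee_info=%u ee_data=%u". The comparison itself is the right guard for the following `serr->ee_data - serr->ee_info + 1`, since both fields are unsigned 32-bit and an inverted range would otherwise wrap and inflate zero_copy_sent.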
--
2.34.1