From: "Michael S. Tsirkin" <mst@redhat.com>
To: Raphael Norwitz <raphael.norwitz@nutanix.com>
Cc: Peter Turschmid <peter.turschm@nutanix.com>,
raphael.s.norwitz@gmail.com, qemu-devel@nongnu.org
Subject: Re: [PATCH v2 1/3] Fixed assert in vhost_user_set_mem_table_postcopy
Date: Thu, 6 Feb 2020 03:20:01 -0500
Message-ID: <20200206031922-mutt-send-email-mst@kernel.org>
In-Reply-To: <20200206031645-mutt-send-email-mst@kernel.org>
On Thu, Feb 06, 2020 at 03:17:04AM -0500, Michael S. Tsirkin wrote:
> On Wed, Jan 15, 2020 at 09:57:04PM -0500, Raphael Norwitz wrote:
> > The current vhost_user_set_mem_table_postcopy() implementation
> > populates each region of the VHOST_USER_SET_MEM_TABLE message without
> > first checking if there are more than VHOST_MEMORY_MAX_NREGIONS already
> > populated. This can cause memory corruption if too many regions are
> > added to the message during the postcopy step.
> >
> > This change moves an existing assert up such that attempting to
> > construct a VHOST_USER_SET_MEM_TABLE message with too many memory
> > regions will gracefully bring down qemu instead of corrupting memory.
> >
> > Signed-off-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
> > Signed-off-by: Peter Turschmid <peter.turschm@nutanix.com>
>
>
> Could you pls add Fixes: and stable tags?

oh wait no, this is just a theoretical thing, right?
it doesn't actually trigger, it's just a cleanup.
no fixes/stable needed then, sorry

> > ---
> > hw/virtio/vhost-user.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
> > index 2e81f55..cce851a 100644
> > --- a/hw/virtio/vhost-user.c
> > +++ b/hw/virtio/vhost-user.c
> > @@ -443,6 +443,7 @@ static int vhost_user_set_mem_table_postcopy(struct vhost_dev *dev,
> > &offset);
> > fd = memory_region_get_fd(mr);
> > if (fd > 0) {
> > + assert(fd_num < VHOST_MEMORY_MAX_NREGIONS);
> > trace_vhost_user_set_mem_table_withfd(fd_num, mr->name,
> > reg->memory_size,
> > reg->guest_phys_addr,
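Review bot: assert(fd_num < VHOST_MEMORY_MAX_NREGIONS) at the top of the if (fd > 0) block is the only bounds check for the regions[fd_num] and fds[fd_num] writes that follow, so an overfull table aborts the whole process. The function returns int, so an explicit check that reports the failure and returns an error, for example if (fd_num == VHOST_MEMORY_MAX_NREGIONS) { error_report(...); return -1; }, would let the caller fail the operation instead. If the abort is intended, a one-line comment stating why the condition cannot be reached would help.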
> > @@ -455,7 +456,6 @@ static int vhost_user_set_mem_table_postcopy(struct vhost_dev *dev,
> > msg.payload.memory.regions[fd_num].guest_phys_addr =
> > reg->guest_phys_addr;
> > msg.payload.memory.regions[fd_num].mmap_offset = offset;
> > - assert(fd_num < VHOST_MEMORY_MAX_NREGIONS);
> > fds[fd_num++] = fd;
> > } else {
> > u->region_rb_offset[i] = 0;
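Review bot: with the assert removed from just above fds[fd_num++] = fd, the stores to msg.payload.memory.regions[fd_num] and to fds[fd_num] in this block depend on a check that no longer sits next to them, and the declaration of fds is outside the hunk. Please confirm in the commit message that fds has at least VHOST_MEMORY_MAX_NREGIONS entries, so the single check covers both arrays, and state whether the overflow is reachable in practice, since that decides whether Fixes: and stable tags apply.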
> > --
> > 1.8.3.1