Re: [Qemu-devel] [PATCH V3 02/13] hw/9pfs: Add validation to marshal code

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
To: "M. Mohan Kumar" <mohan@in.ibm.com>,
	qemu-devel@nongnu.org, stefanha@gmail.com, berrange@redhat.com
Subject: Re: [Qemu-devel] [PATCH V3 02/13] hw/9pfs: Add validation to marshal code
Date: Mon, 21 Nov 2011 20:08:33 +0530	[thread overview]
Message-ID: <87ty5x5ymu.fsf@linux.vnet.ibm.com> (raw)
In-Reply-To: <1321882578-7498-3-git-send-email-mohan@in.ibm.com>

On Mon, 21 Nov 2011 19:06:07 +0530, "M. Mohan Kumar" <mohan@in.ibm.com> wrote:
> From: "M. Mohan Kumar" <mohan@in.ibm.com>
> 
> Add validatio check to {un}marshal code.
> 
> Signed-off-by: M. Mohan Kumar <mohan@in.ibm.com>
> ---
>  fsdev/virtio-9p-marshal.c |   97 ++++++++++++-------
>  fsdev/virtio-9p-marshal.h |    8 +-
>  hw/9pfs/virtio-9p.c       |  231 +++++++++++++++++++++++++++++++++------------
>  3 files changed, 236 insertions(+), 100 deletions(-)
> 
> diff --git a/fsdev/virtio-9p-marshal.c b/fsdev/virtio-9p-marshal.c
> index 2da0a34..74161df 100644
> --- a/fsdev/virtio-9p-marshal.c
> +++ b/fsdev/virtio-9p-marshal.c
> @@ -62,14 +62,14 @@ void v9fs_string_copy(V9fsString *lhs, V9fsString *rhs)
>  }
> 
> 
> -static size_t v9fs_packunpack(void *addr, struct iovec *sg, int sg_count,
> -                              size_t offset, size_t size, int pack)
> +static ssize_t v9fs_packunpack(void *addr, struct iovec *sg, int sg_count,
> +                              ssize_t offset, ssize_t size, int pack)
>  {
>      int i = 0;
> -    size_t copied = 0;
> +    ssize_t copied = 0;
> 
>      for (i = 0; size && i < sg_count; i++) {
> -        size_t len;
> +        ssize_t len;
>          if (offset >= sg[i].iov_len) {
>              /* skip this sg */
>              offset -= sg[i].iov_len;
> @@ -91,25 +91,29 @@ static size_t v9fs_packunpack(void *addr, struct iovec *sg, int sg_count,
>          }
>      }
> 
> +    /* could not copy requested 'size' */
> +    if (copied < 0) {
> +        return -1;
> +    }

I am not sure copied will be < 0 here even in error case


>      return copied;
>  }
> 
> -static size_t v9fs_unpack(void *dst, struct iovec *out_sg, int out_num,
> -                          size_t offset, size_t size)
> +static ssize_t v9fs_unpack(void *dst, struct iovec *out_sg, int out_num,
> +                          ssize_t offset, ssize_t size)
>  {
>      return v9fs_packunpack(dst, out_sg, out_num, offset, size, 0);
>  }
> 
> -size_t v9fs_pack(struct iovec *in_sg, int in_num, size_t offset,
> -                const void *src, size_t size)
> +ssize_t v9fs_pack(struct iovec *in_sg, int in_num, ssize_t offset,
> +                const void *src, ssize_t size)
>  {
>      return v9fs_packunpack((void *)src, in_sg, in_num, offset, size, 1);
>  }
> 
>  static int v9fs_copy_sg(struct iovec *src_sg, unsigned int num,
> -                        size_t offset, struct iovec *sg)
> +                        ssize_t offset, struct iovec *sg)
>  {
> -    size_t pos = 0;
> +    ssize_t pos = 0;
>      int i, j;
> 
>      j = 0;
> @@ -131,10 +135,10 @@ static int v9fs_copy_sg(struct iovec *src_sg, unsigned int num,
>      return j;
>  }
> 
> -size_t v9fs_unmarshal(struct iovec *out_sg, int out_num, size_t offset,
> -                int convert, const char *fmt, ...)
> +ssize_t v9fs_unmarshal(struct iovec *out_sg,
> +                int out_num, ssize_t offset, int convert, const char *fmt, ...)
>  {
> -    size_t old_offset = offset;
> +    ssize_t old_offset = offset, copied;
>      va_list ap;
>      int i;
> 
> @@ -143,13 +147,13 @@ size_t v9fs_unmarshal(struct iovec *out_sg, int out_num, size_t offset,
>          switch (fmt[i]) {
>          case 'b': {
>              uint8_t *valp = va_arg(ap, uint8_t *);
> -            offset += v9fs_unpack(valp, out_sg, out_num, offset, sizeof(*valp));
> +            copied = v9fs_unpack(valp, out_sg, out_num, offset, sizeof(*valp));
>              break;
>          }

Do we really need error checking for unpack ? unpack reads the value
from the buffer and store them in arguments passed. So what is the
failure condition here ? We always will have enough space to unpack.


>          case 'w': {
>              uint16_t val, *valp;
>              valp = va_arg(ap, uint16_t *);
> -            offset += v9fs_unpack(&val, out_sg, out_num, offset, sizeof(val));
> +            copied = v9fs_unpack(&val, out_sg, out_num, offset, sizeof(val));
>              if (convert) {
>                  *valp = le16_to_cpu(val);
>              } else {

-aneesh

next prev parent reply	other threads:[~2011-11-21 14:39 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-11-21 13:36 [Qemu-devel] [PATCH V3 00/13] Proxy FS driver for VirtFS M. Mohan Kumar
2011-11-21 13:36 ` [Qemu-devel] [PATCH V3 01/13] hw/9pfs: Move pdu_marshal/unmarshal code to a seperate file M. Mohan Kumar
2011-11-21 13:36 ` [Qemu-devel] [PATCH V3 02/13] hw/9pfs: Add validation to marshal code M. Mohan Kumar
2011-11-21 14:38   ` Aneesh Kumar K.V [this message]
2011-11-21 13:36 ` [Qemu-devel] [PATCH V3 03/13] hw/9pfs: Add new proxy filesystem driver M. Mohan Kumar
2011-11-21 13:36 ` [Qemu-devel] [PATCH V3 04/13] hw/9pfs: File system helper process for qemu 9p proxy FS M. Mohan Kumar
2011-11-21 13:36 ` [Qemu-devel] [PATCH V3 05/13] hw/9pfs: Open and create files M. Mohan Kumar
2011-11-21 13:36 ` [Qemu-devel] [PATCH V3 06/13] hw/9pfs: Create other filesystem objects M. Mohan Kumar
2011-11-21 13:36 ` [Qemu-devel] [PATCH V3 07/13] hw/9pfs: Add stat/readlink/statfs for proxy FS M. Mohan Kumar
2011-11-21 13:36 ` [Qemu-devel] [PATCH V3 08/13] hw/9pfs: File ownership and others M. Mohan Kumar
2011-11-21 13:36 ` [Qemu-devel] [PATCH V3 09/13] hw/9pfs: xattr interfaces in proxy filesystem driver M. Mohan Kumar
2011-11-21 13:36 ` [Qemu-devel] [PATCH V3 10/13] hw/9pfs: Proxy getversion M. Mohan Kumar
2011-11-21 13:36 ` [Qemu-devel] [PATCH V3 11/13] hw/9pfs: Documentation changes related to proxy fs M. Mohan Kumar
2011-11-21 13:36 ` [Qemu-devel] [PATCH V3 12/13] hw/9pfs: man page for proxy helper M. Mohan Kumar
2011-11-21 13:36 ` [Qemu-devel] [PATCH V3 13/13] hw/9pfs: Add support to use named socket for proxy FS M. Mohan Kumar

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87ty5x5ymu.fsf@linux.vnet.ibm.com \
    --to=aneesh.kumar@linux.vnet.ibm.com \
    --cc=berrange@redhat.com \
    --cc=mohan@in.ibm.com \
    --cc=qemu-devel@nongnu.org \
    --cc=stefanha@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.