From: Jagannathan Raman <jag.raman@oracle.com>
To: qemu-devel@nongnu.org
Cc: elena.ufimtseva@oracle.com, fam@euphon.net,
swapnil.ingle@nutanix.com, john.g.johnson@oracle.com,
kraxel@redhat.com, jag.raman@oracle.com, quintela@redhat.com,
mst@redhat.com, armbru@redhat.com, kanth.ghatraju@oracle.com,
felipe@nutanix.com, thuth@redhat.com, ehabkost@redhat.com,
konrad.wilk@oracle.com, dgilbert@redhat.com,
liran.alon@oracle.com, stefanha@redhat.com,
thanos.makatos@nutanix.com, rth@twiddle.net, kwolf@redhat.com,
berrange@redhat.com, mreitz@redhat.com,
ross.lagerwall@citrix.com, marcandre.lureau@gmail.com,
pbonzini@redhat.com
Subject: [PATCH v5 48/50] multi-process: Validate incoming commands from Proxy
Date: Mon, 24 Feb 2020 15:55:39 -0500 [thread overview]
Message-ID: <00737a41c9bc4993ad47e5d4387ac14f1892be40.1582576372.git.jag.raman@oracle.com> (raw)
In-Reply-To: <cover.1582576372.git.jag.raman@oracle.com>
In-Reply-To: <cover.1582576372.git.jag.raman@oracle.com>
From: Elena Ufimtseva <elena.ufimtseva@oracle.com>
Validate the incoming commands to confirm that they would not cause any
errors in the remote process.
Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com>
Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
Signed-off-by: John G Johnson <john.g.johnson@oracle.com>
---
hw/proxy/qemu-proxy.c | 6 +++-
include/io/mpqemu-link.h | 2 ++
io/mpqemu-link.c | 75 +++++++++++++++++++++++++++++++++++++++++++++++-
remote/remote-main.c | 4 +++
4 files changed, 85 insertions(+), 2 deletions(-)
diff --git a/hw/proxy/qemu-proxy.c b/hw/proxy/qemu-proxy.c
index 4d4eff4..7330094 100644
--- a/hw/proxy/qemu-proxy.c
+++ b/hw/proxy/qemu-proxy.c
@@ -868,7 +868,11 @@ static void send_bar_access_msg(PCIProxyDev *dev, MemoryRegion *mr,
mpqemu_msg_recv(&ret, mpqemu_link->mmio);
- *val = ret.data1.mmio_ret.val;
+ if (!mpqemu_msg_valid(&ret)) {
+ *val = 0;
+ } else {
+ *val = ret.data1.mmio_ret.val;
+ }
}
void proxy_default_bar_write(void *opaque, hwaddr addr, uint64_t val,
diff --git a/include/io/mpqemu-link.h b/include/io/mpqemu-link.h
index 722f08c..2f44f31 100644
--- a/include/io/mpqemu-link.h
+++ b/include/io/mpqemu-link.h
@@ -213,4 +213,6 @@ void mpqemu_start_coms(MPQemuLinkState *s);
uint64_t wait_for_remote(int efd);
void notify_proxy(int fd, uint64_t val);
+bool mpqemu_msg_valid(MPQemuMsg *msg);
+
#endif
diff --git a/io/mpqemu-link.c b/io/mpqemu-link.c
index 07a9be9..298bb58 100644
--- a/io/mpqemu-link.c
+++ b/io/mpqemu-link.c
@@ -65,7 +65,7 @@ void mpqemu_link_finalize(MPQemuLinkState *s)
void mpqemu_msg_send(MPQemuMsg *msg, MPQemuChannel *chan)
{
int rc;
- uint8_t *data;
+ uint8_t *data = NULL;
union {
char control[CMSG_SPACE(REMOTE_MAX_FDS * sizeof(int))];
struct cmsghdr align;
@@ -335,3 +335,76 @@ void mpqemu_start_coms(MPQemuLinkState *s)
g_main_loop_run(s->loop);
}
+
+bool mpqemu_msg_valid(MPQemuMsg *msg)
+{
+ if (msg->cmd >= MAX) {
+ return false;
+ }
+
+ if (msg->bytestream) {
+ if (!msg->data2) {
+ return false;
+ }
+ } else {
+ if (msg->data2) {
+ return false;
+ }
+ }
+
+ /* Verify FDs. */
+ if (msg->num_fds >= REMOTE_MAX_FDS) {
+ return false;
+ }
+ if (msg->num_fds > 0) {
+ for (int i = 0; i < msg->num_fds; i++) {
+ if (fcntl(msg->fds[i], F_GETFL) == -1) {
+ return false;
+ }
+ }
+ }
+
+ /* Verify ID size. */
+ if (msg->id >= UINT64_MAX) {
+ return false;
+ }
+
+ /* Verify message specific fields. */
+ switch (msg->cmd) {
+ case SYNC_SYSMEM:
+ if (msg->num_fds == 0 || msg->bytestream != 0) {
+ return false;
+ }
+ if (msg->size != sizeof(msg->data1)) {
+ return false;
+ }
+ break;
+ case PCI_CONFIG_WRITE:
+ case PCI_CONFIG_READ:
+ if (msg->size != sizeof(struct conf_data_msg)) {
+ return false;
+ }
+ break;
+ case BAR_WRITE:
+ case BAR_READ:
+ case SET_IRQFD:
+ case MMIO_RETURN:
+ case DEVICE_RESET:
+ case RUNSTATE_SET:
+ if (msg->size != sizeof(msg->data1)) {
+ return false;
+ }
+ break;
+ case PROXY_PING:
+ case START_MIG_OUT:
+ case START_MIG_IN:
+ if (msg->size != 0) {
+ return false;
+ }
+ break;
+ default:
+ break;
+ }
+
+ return true;
+}
diff --git a/remote/remote-main.c b/remote/remote-main.c
index 20d160e..c4aa3e0 100644
--- a/remote/remote-main.c
+++ b/remote/remote-main.c
@@ -435,6 +435,10 @@ static void process_msg(GIOCondition cond, MPQemuChannel *chan)
if (msg->id > MAX_REMOTE_DEVICES) {
error_setg(&err, "id of the device is larger than max number of "\
"devices per remote process.");
+ }
+
+ if (!mpqemu_msg_valid(msg)) {
+ error_setg(&err, "Message is not valid");
goto finalize_loop;
}
--
1.8.3.1
next prev parent reply other threads:[~2020-02-24 21:25 UTC|newest]
Thread overview: 117+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-24 20:54 [PATCH v5 00/50] Initial support for multi-process qemu Jagannathan Raman
2020-02-24 20:54 ` [PATCH v5 01/50] multi-process: memory: alloc RAM from file at offset Jagannathan Raman
2020-03-03 19:51 ` Dr. David Alan Gilbert
2020-03-04 18:24 ` Jag Raman
2020-02-24 20:54 ` [PATCH v5 02/50] multi-process: Refactor machine_init and exit notifiers Jagannathan Raman
2020-03-29 16:45 ` Marc-André Lureau
2020-02-24 20:54 ` [PATCH v5 03/50] multi-process: add a command line option for debug file Jagannathan Raman
2020-02-24 20:54 ` [PATCH v5 04/50] multi-process: Add stub functions to facilate build of multi-process Jagannathan Raman
2020-02-24 20:54 ` [PATCH v5 05/50] multi-process: Add config option for multi-process QEMU Jagannathan Raman
2020-02-24 20:54 ` [PATCH v5 06/50] multi-process: build system for remote device process Jagannathan Raman
2020-02-24 20:54 ` [PATCH v5 07/50] multi-process: define mpqemu-link object Jagannathan Raman
2020-03-10 16:09 ` Stefan Hajnoczi
2020-03-10 18:26 ` Elena Ufimtseva
2020-03-16 11:26 ` Stefan Hajnoczi
2020-02-24 20:54 ` [PATCH v5 08/50] multi-process: add functions to synchronize proxy and remote endpoints Jagannathan Raman
2020-03-03 19:56 ` Dr. David Alan Gilbert
2020-03-04 18:42 ` Jag Raman
2020-03-04 19:46 ` Dr. David Alan Gilbert
2020-02-24 20:55 ` [PATCH v5 09/50] multi-process: setup PCI host bridge for remote device Jagannathan Raman
2020-02-24 20:55 ` [PATCH v5 10/50] multi-process: setup a machine object for remote device process Jagannathan Raman
2020-02-24 20:55 ` [PATCH v5 11/50] multi-process: setup memory manager for remote device Jagannathan Raman
2020-02-24 20:55 ` [PATCH v5 12/50] multi-process: remote process initialization Jagannathan Raman
2020-03-04 10:29 ` Dr. David Alan Gilbert
2020-03-04 18:45 ` Jag Raman
2020-03-04 19:00 ` Dr. David Alan Gilbert
2020-02-24 20:55 ` [PATCH v5 13/50] multi-process: introduce proxy object Jagannathan Raman
2020-02-24 20:55 ` [PATCH v5 14/50] mutli-process: build remote command line args Jagannathan Raman
2020-03-02 17:36 ` Philippe Mathieu-Daudé
2020-03-02 17:47 ` Daniel P. Berrangé
2020-03-02 22:39 ` Elena Ufimtseva
2020-03-04 11:00 ` Daniel P. Berrangé
2020-03-04 16:25 ` Elena Ufimtseva
2020-03-04 16:33 ` Daniel P. Berrangé
2020-03-04 22:37 ` Elena Ufimtseva
2020-03-05 8:21 ` Daniel P. Berrangé
2020-03-06 16:25 ` Stefan Hajnoczi
2020-03-04 10:09 ` Dr. David Alan Gilbert
2020-02-24 20:55 ` [PATCH v5 15/50] multi-process: PCI BAR read/write handling for proxy & remote endpoints Jagannathan Raman
2020-03-04 10:47 ` Dr. David Alan Gilbert
2020-03-04 19:05 ` Jag Raman
2020-02-24 20:55 ` [PATCH v5 16/50] multi-process: Synchronize remote memory Jagannathan Raman
2020-03-04 11:53 ` Dr. David Alan Gilbert
2020-03-04 19:35 ` Jag Raman
2020-02-24 20:55 ` [PATCH v5 17/50] multi-process: create IOHUB object to handle irq Jagannathan Raman
2020-02-24 20:55 ` [PATCH v5 18/50] multi-process: configure remote side devices Jagannathan Raman
2020-02-24 20:55 ` [PATCH v5 19/50] multi-process: Retrieve PCI info from remote process Jagannathan Raman
2020-02-24 20:55 ` [PATCH v5 20/50] multi-process: add qdev_proxy_add to create proxy devices Jagannathan Raman
2020-02-24 20:55 ` [PATCH v5 21/50] multi-process: remote: add setup_devices msg processing Jagannathan Raman
2020-02-24 20:55 ` [PATCH v5 22/50] multi-process: remote: use fd for socket from parent process Jagannathan Raman
2020-02-24 20:55 ` [PATCH v5 23/50] multi-process: remote: add create_done condition Jagannathan Raman
2020-02-24 20:55 ` [PATCH v5 24/50] multi-process: add processing of remote device command line Jagannathan Raman
2020-02-24 20:55 ` [PATCH v5 25/50] multi-process: Introduce build flags to separate remote process code Jagannathan Raman
2020-02-24 20:55 ` [PATCH v5 26/50] multi-process: refractor vl.c code Jagannathan Raman
2020-02-24 20:55 ` [PATCH v5 27/50] multi-process: add remote option Jagannathan Raman
2020-02-24 20:55 ` [PATCH v5 28/50] multi-process: add remote options parser Jagannathan Raman
2020-02-24 20:55 ` [PATCH v5 29/50] multi-process: add parse_cmdline in remote process Jagannathan Raman
2020-02-24 20:55 ` [PATCH v5 30/50] multi-process: send heartbeat messages to remote Jagannathan Raman
2020-02-24 20:55 ` [PATCH v5 31/50] multi-process: handle heartbeat messages in remote process Jagannathan Raman
2020-02-24 20:55 ` [PATCH v5 32/50] multi-process: Use separate MMIO communication channel Jagannathan Raman
2020-03-06 16:52 ` Stefan Hajnoczi
2020-03-10 18:04 ` Jag Raman
2020-02-24 20:55 ` [PATCH v5 33/50] multi-process: perform device reset in the remote process Jagannathan Raman
2020-02-24 20:55 ` [PATCH v5 34/50] multi-process/mon: choose HMP commands based on target Jagannathan Raman
2020-03-05 10:39 ` Dr. David Alan Gilbert
2020-03-05 15:38 ` Jag Raman
2020-03-05 15:50 ` Dr. David Alan Gilbert
2020-02-24 20:55 ` [PATCH v5 35/50] multi-process/mon: stub functions to enable QMP module for remote process Jagannathan Raman
2020-02-24 20:55 ` [PATCH v5 36/50] multi-process/mon: enable QMP module support in the " Jagannathan Raman
2020-03-05 10:43 ` Dr. David Alan Gilbert
2020-03-05 15:40 ` Jag Raman
2020-03-05 15:52 ` Dr. David Alan Gilbert
2020-02-24 20:55 ` [PATCH v5 37/50] multi-process/mon: Refactor monitor/chardev functions out of vl.c Jagannathan Raman
2020-03-05 10:51 ` Dr. David Alan Gilbert
2020-03-05 15:41 ` Jag Raman
2020-02-24 20:55 ` [PATCH v5 38/50] multi-process/mon: Initialize QMP module for remote processes Jagannathan Raman
2020-02-24 20:55 ` [PATCH v5 39/50] multi-process: prevent duplicate memory initialization in remote Jagannathan Raman
2020-02-24 20:55 ` [PATCH v5 40/50] multi-process/mig: build migration module in the remote process Jagannathan Raman
2020-03-04 15:58 ` Dr. David Alan Gilbert
2020-03-04 19:45 ` Jag Raman
2020-03-04 19:52 ` Dr. David Alan Gilbert
2020-03-04 20:23 ` Jag Raman
2020-03-05 10:10 ` Dr. David Alan Gilbert
2020-03-05 17:07 ` Elena Ufimtseva
2020-03-05 17:19 ` Dr. David Alan Gilbert
2020-02-24 20:55 ` [PATCH v5 41/50] multi-process/mig: Enable VMSD save in the Proxy object Jagannathan Raman
2020-03-05 12:31 ` Dr. David Alan Gilbert
2020-03-05 16:48 ` Jag Raman
2020-03-05 17:04 ` Dr. David Alan Gilbert
2020-02-24 20:55 ` [PATCH v5 42/50] multi-process/mig: Send VMSD of remote to " Jagannathan Raman
2020-03-05 14:39 ` Dr. David Alan Gilbert
2020-03-05 16:32 ` Elena Ufimtseva
2020-02-24 20:55 ` [PATCH v5 43/50] multi-process/mig: Load VMSD in the proxy object Jagannathan Raman
2020-03-05 15:28 ` Dr. David Alan Gilbert
2020-02-24 20:55 ` [PATCH v5 44/50] multi-process/mig: refactor runstate_check into common file Jagannathan Raman
2020-02-24 20:55 ` [PATCH v5 45/50] multi-process/mig: Synchronize runstate of remote process Jagannathan Raman
2020-02-24 20:55 ` [PATCH v5 46/50] multi-process/mig: Restore the VMSD in " Jagannathan Raman
2020-03-05 16:05 ` Dr. David Alan Gilbert
2020-02-24 20:55 ` [PATCH v5 47/50] multi-process: Enable support for multiple devices in remote Jagannathan Raman
2020-02-28 16:44 ` Stefan Hajnoczi
2020-03-02 19:28 ` Jag Raman
2020-02-24 20:55 ` Jagannathan Raman [this message]
2020-02-27 17:18 ` [PATCH v5 48/50] multi-process: Validate incoming commands from Proxy Stefan Hajnoczi
2020-02-28 17:53 ` Elena Ufimtseva
2020-02-24 20:55 ` [PATCH v5 49/50] multi-process: add the concept description to docs/devel/qemu-multiprocess Jagannathan Raman
2020-02-27 17:11 ` Stefan Hajnoczi
2020-02-28 18:44 ` Elena Ufimtseva
2020-02-24 20:55 ` [PATCH v5 50/50] multi-process: add configure and usage information Jagannathan Raman
2020-02-27 16:58 ` Stefan Hajnoczi
2020-02-28 18:43 ` Elena Ufimtseva
2020-03-06 16:42 ` Stefan Hajnoczi
2020-02-24 21:59 ` [PATCH v5 00/50] Initial support for multi-process qemu no-reply
2020-02-24 22:03 ` no-reply
2020-02-24 22:23 ` no-reply
2020-03-01 11:57 ` Alex Bennée
2020-03-02 15:28 ` Jag Raman
2020-03-02 16:29 ` Alex Bennée
2020-03-02 16:53 ` Jag Raman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=00737a41c9bc4993ad47e5d4387ac14f1892be40.1582576372.git.jag.raman@oracle.com \
--to=jag.raman@oracle.com \
--cc=armbru@redhat.com \
--cc=berrange@redhat.com \
--cc=dgilbert@redhat.com \
--cc=ehabkost@redhat.com \
--cc=elena.ufimtseva@oracle.com \
--cc=fam@euphon.net \
--cc=felipe@nutanix.com \
--cc=john.g.johnson@oracle.com \
--cc=kanth.ghatraju@oracle.com \
--cc=konrad.wilk@oracle.com \
--cc=kraxel@redhat.com \
--cc=kwolf@redhat.com \
--cc=liran.alon@oracle.com \
--cc=marcandre.lureau@gmail.com \
--cc=mreitz@redhat.com \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=quintela@redhat.com \
--cc=ross.lagerwall@citrix.com \
--cc=rth@twiddle.net \
--cc=stefanha@redhat.com \
--cc=swapnil.ingle@nutanix.com \
--cc=thanos.makatos@nutanix.com \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).