From: David Hildenbrand <david@redhat.com>
To: Eduardo Habkost <ehabkost@redhat.com>, qemu-devel@nongnu.org
Cc: Markus Armbruster <armbru@redhat.com>,
Igor Mammedov <imammedo@redhat.com>,
Stefano Garzarella <sgarzare@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v2] hostmem: Validate host-nodes before setting bitmap
Date: Fri, 30 Nov 2018 13:51:34 +0100 [thread overview]
Message-ID: <044a9b6d-af3d-53b9-5204-e90089f5b035@redhat.com> (raw)
In-Reply-To: <20181130122844.29103-1-ehabkost@redhat.com>
On 30.11.18 13:28, Eduardo Habkost wrote:
> host_memory_backend_set_host_nodes() was not validating
> host-nodes before writing to backend->host_nodes, making QEMU
> write beyond the end of the bitmap.
>
> Fix the crash and add a simple regression test for the fix.
>
> While at it, fix memory leak of the list returned by
> visit_type_uint16List().
>
> Reported-by: Markus Armbruster <armbru@redhat.com>
> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
> ---
> Changes v1 -> v2:
> * Remove extra `l = l->next` statement
> (reported by Stefano Garzarella)
> * Fix (existing) leak of `host_nodes`
> (reported by Markus Armbruster)
> ---
> backends/hostmem.c | 17 +++++++++----
> tests/acceptance/host-nodes-limit.py | 36 ++++++++++++++++++++++++++++
> 2 files changed, 49 insertions(+), 4 deletions(-)
> create mode 100644 tests/acceptance/host-nodes-limit.py
>
> diff --git a/backends/hostmem.c b/backends/hostmem.c
> index 1a89342039..af800284e0 100644
> --- a/backends/hostmem.c
> +++ b/backends/hostmem.c
> @@ -103,14 +103,23 @@ host_memory_backend_set_host_nodes(Object *obj, Visitor *v, const char *name,
> {
> #ifdef CONFIG_NUMA
> HostMemoryBackend *backend = MEMORY_BACKEND(obj);
> - uint16List *l = NULL;
> + uint16List *l, *host_nodes = NULL;
>
> - visit_type_uint16List(v, name, &l, errp);
> + visit_type_uint16List(v, name, &host_nodes, errp);
>
> - while (l) {
> + for (l = host_nodes; l; l = l->next) {
> + if (l->value >= MAX_NODES) {
> + error_setg(errp, "Invalid host-nodes value: %d", l->value);
> + goto out;
> + }
> + }
> +
> + for (l = host_nodes; l; l = l->next) {
> bitmap_set(backend->host_nodes, l->value, 1);
> - l = l->next;
> }
> +
> +out:
> + qapi_free_uint16List(host_nodes);
> #else
> error_setg(errp, "NUMA node binding are not supported by this QEMU");
> #endif
> diff --git a/tests/acceptance/host-nodes-limit.py b/tests/acceptance/host-nodes-limit.py
> new file mode 100644
> index 0000000000..e803e10104
> --- /dev/null
> +++ b/tests/acceptance/host-nodes-limit.py
> @@ -0,0 +1,36 @@
> +# Regression test for host-nodes limit validation
> +#
> +# Copyright (c) 2018 Red Hat, Inc.
> +#
> +# Author:
> +# Eduardo Habkost <ehabkost@redhat.com>
> +#
> +# This work is licensed under the terms of the GNU GPL, version 2 or
> +# later. See the COPYING file in the top-level directory.
> +
> +from avocado_qemu import Test
> +from subprocess import Popen, PIPE
> +
> +MAX_NODES = 128
> +
> +class HostNodesValidation(Test):
> + def test_large_host_nodes(self):
> + p = Popen([self.qemu_bin, '-display', 'none', '-nodefaults',
> + '-object', 'memory-backend-ram,id=m0,'
> + 'size=4096,host-nodes=%d' % (MAX_NODES)],
> + stderr=PIPE, stdout=PIPE)
> + stdout,stderr = p.communicate()
> +
> + self.assertIn(b'Invalid host-nodes', stderr)
> + self.assertEquals(stdout, b'')
> + self.assertEquals(p.returncode, 1)
> +
> + def test_valid_host_nodes(self):
> + p = Popen([self.qemu_bin, '-display', 'none', '-nodefaults',
> + '-object', 'memory-backend-ram,id=m0,'
> + 'size=4096,host-nodes=%d' % (MAX_NODES - 1)],
> + stderr=PIPE, stdout=PIPE)
> + stdout,stderr = p.communicate()
> +
> + self.assertIn(b'host-nodes must be empty', stderr)
> + self.assertEquals(p.returncode, 1)
>
Reviewed-by: David Hildenbrand <david@redhat.com>
--
Thanks,
David / dhildenb
next prev parent reply other threads:[~2018-11-30 12:51 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-30 12:28 [Qemu-devel] [PATCH v2] hostmem: Validate host-nodes before setting bitmap Eduardo Habkost
2018-11-30 12:35 ` Stefano Garzarella
2018-11-30 12:51 ` David Hildenbrand [this message]
2018-11-30 13:22 ` Markus Armbruster
2018-11-30 14:27 ` Eduardo Habkost
2018-11-30 15:47 ` Markus Armbruster
2018-11-30 14:53 ` [Qemu-devel] [PATCH for-3.1? " Eric Blake
2018-11-30 17:55 ` Markus Armbruster
2018-11-30 18:19 ` Eduardo Habkost
2018-12-04 13:29 ` [Qemu-devel] [PATCH " Igor Mammedov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=044a9b6d-af3d-53b9-5204-e90089f5b035@redhat.com \
--to=david@redhat.com \
--cc=armbru@redhat.com \
--cc=ehabkost@redhat.com \
--cc=imammedo@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=sgarzare@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).