qemu-devel.nongnu.org archive mirror
From: Markus Armbruster <armbru@redhat.com>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] [PULL v2 30/40] ivshmem: Tighten check of property "size"
Date: Mon, 21 Mar 2016 21:43:53 +0100
Message-ID: <1458593043-31731-31-git-send-email-armbru@redhat.com>
In-Reply-To: <1458593043-31731-1-git-send-email-armbru@redhat.com>

If size_t is narrower than 64 bits, passing uint64_t ivshmem_size to
mmap() truncates.  Reject such sizes.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <1458066895-20632-31-git-send-email-armbru@redhat.com>
---
 hw/misc/ivshmem.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c
index 7b9e769..66c713e 100644
--- a/hw/misc/ivshmem.c
+++ b/hw/misc/ivshmem.c
@@ -87,7 +87,7 @@ typedef struct IVShmemState {
      */
     MemoryRegion bar;
     MemoryRegion ivshmem;
-    uint64_t ivshmem_size; /* size of shared memory region */
+    size_t ivshmem_size; /* size of shared memory region */
     uint32_t ivshmem_64bit;
 
     Peer *peers;
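
Review bot: narrowing ivshmem_size to size_t on this line makes every writer of the field responsible for range-checking before it stores a 64-bit value, and the only such check visible in this patch is on the sizearg path in pci_ivshmem_realize(). Consider extending the field comment to state that the value must fit in size_t because it is passed to mmap(), so that later code setting the field from another source does not reintroduce the truncation.
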
@@ -361,7 +361,7 @@ static int check_shm_size(IVShmemState *s, int fd, Error **errp)
 
     if (s->ivshmem_size > buf.st_size) {
         error_setg(errp, "Requested memory size greater"
-                   " than shared object size (%" PRIu64 " > %" PRIu64")",
+                   " than shared object size (%zu > %" PRIu64")",
                    s->ivshmem_size, (uint64_t)buf.st_size);
         return -1;
     } else {
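
Review bot: the unchanged comparison `s->ivshmem_size > buf.st_size` at the top of this hunk now mixes an unsigned size_t with st_size, which is a signed off_t, so the direction of the implicit conversion depends on the host's type widths. Comparing against `(uint64_t)buf.st_size`, the same cast the message argument already uses, would make the intent explicit. The switch to %zu itself matches the new field type.
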
@@ -865,7 +865,8 @@ static void pci_ivshmem_realize(PCIDevice *dev, Error **errp)
     } else {
         char *end;
         int64_t size = qemu_strtosz(s->sizearg, &end);
-        if (size < 0 || *end != '\0' || !is_power_of_2(size)) {
+        if (size < 0 || (size_t)size != size || *end != '\0'
+            || !is_power_of_2(size)) {
             error_setg(errp, "Invalid size %s", s->sizearg);
             return;
         }
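
Review bot: the new `(size_t)size != size` test in the condition is a terse round-trip idiom, and on hosts where size_t is 64 bits wide it compares an unsigned value with the signed int64_t size; a one-line comment saying it rejects sizes that do not fit in size_t would help the next reader. A well-formed but too large value also gets the same "Invalid size %s" message as a malformed string, so a distinct message for the out-of-range case would be easier to diagnose.
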
-- 
2.4.3
