From: Stefan Hajnoczi <stefanha@gmail.com>
To: Stefan Hajnoczi <stefanha@redhat.com>
Cc: elena.ufimtseva@oracle.com, fam@euphon.net,
john.g.johnson@oracle.com, qemu-devel@nongnu.org,
kraxel@redhat.com, Jagannathan Raman <jag.raman@oracle.com>,
quintela@redhat.com, mst@redhat.com, armbru@redhat.com,
kanth.ghatraju@oracle.com, thuth@redhat.com, ehabkost@redhat.com,
konrad.wilk@oracle.com, dgilbert@redhat.com,
liran.alon@oracle.com, rth@twiddle.net, kwolf@redhat.com,
berrange@redhat.com, mreitz@redhat.com,
ross.lagerwall@citrix.com, marcandre.lureau@gmail.com,
pbonzini@redhat.com
Subject: Re: [Qemu-devel] [RFC v3 PATCH 07/45] multi-process: define proxy-link object
Date: Wed, 9 Oct 2019 14:37:24 +0100 [thread overview]
Message-ID: <20191009133724.GP5747@stefanha-x1.localdomain> (raw)
In-Reply-To: <20190912153435.GM23174@stefanha-x1.localdomain>
[-- Attachment #1: Type: text/plain, Size: 1469 bytes --]
On Thu, Sep 12, 2019 at 05:34:35PM +0200, Stefan Hajnoczi wrote:
> On Tue, Sep 03, 2019 at 04:37:33PM -0400, Jagannathan Raman wrote:
> > + msg->num_fds = 0;
> > + for (chdr = CMSG_FIRSTHDR(&hdr); chdr != NULL;
> > + chdr = CMSG_NXTHDR(&hdr, chdr)) {
> > + if ((chdr->cmsg_level == SOL_SOCKET) &&
> > + (chdr->cmsg_type == SCM_RIGHTS)) {
> > + fdsize = chdr->cmsg_len - CMSG_LEN(0);
> > + msg->num_fds = fdsize / sizeof(int);
> > + memcpy(msg->fds, CMSG_DATA(chdr), fdsize);
>
> Please validate num_fds before memcpy to prevent the buffer overflow.
>
> > + break;
> > + }
> > + }
> > +
> > + if (msg->size && msg->bytestream) {
> > + msg->data2 = calloc(1, msg->size);
> > + data = msg->data2;
> > + } else {
> > + data = (uint8_t *)&msg->data1;
> > + }
> > +
> > + if (msg->size) {
> > + do {
> > + rc = read(sock, data, msg->size);
> > + } while (rc < 0 && (errno == EINTR || errno == EAGAIN));
> > + }
>
> Please validate size to prevent the buffer overflow.
I didn't see a reply so I want to highlight that the effort to introduce
isolation between devices is pointless if the communications link is not
coded securely.
Multi-process QEMU adds no security if one process can corrupt the
memory of another process by sending invalid inputs. Please audit the
code.
Stefan
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
next prev parent reply other threads:[~2019-10-09 18:45 UTC|newest]
Thread overview: 72+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-03 20:37 [Qemu-devel] [RFC v3 PATCH 00/45] Initial support of multi-process qemu Jagannathan Raman
2019-09-03 20:37 ` [Qemu-devel] [RFC v3 PATCH 01/45] multi-process: memory: alloc RAM from file at offset Jagannathan Raman
2019-09-04 8:11 ` Dr. David Alan Gilbert
2019-09-05 15:07 ` Jag Raman
2019-09-05 15:17 ` Dr. David Alan Gilbert
2019-09-03 20:37 ` [Qemu-devel] [RFC v3 PATCH 02/45] multi-process: util: Add qemu_thread_cancel() to cancel running thread Jagannathan Raman
2019-09-04 9:11 ` Daniel P. Berrangé
2019-09-05 15:10 ` Jag Raman
2019-09-03 20:37 ` [Qemu-devel] [RFC v3 PATCH 03/45] multi-process: add a command line option for debug file Jagannathan Raman
2019-09-03 20:37 ` [Qemu-devel] [RFC v3 PATCH 04/45] multi-process: Add stub functions to facilate build of multi-process Jagannathan Raman
2019-09-03 20:37 ` [Qemu-devel] [RFC v3 PATCH 05/45] multi-process: Add config option for multi-process QEMU Jagannathan Raman
2019-09-12 14:31 ` Stefan Hajnoczi
2019-09-03 20:37 ` [Qemu-devel] [RFC v3 PATCH 06/45] multi-process: build system for remote device process Jagannathan Raman
2019-09-03 20:37 ` [Qemu-devel] [RFC v3 PATCH 07/45] multi-process: define proxy-link object Jagannathan Raman
2019-09-04 8:22 ` Daniel P. Berrangé
2019-09-05 14:37 ` Eric Blake
2019-09-05 15:20 ` Jag Raman
2019-09-12 15:34 ` Stefan Hajnoczi
2019-10-09 13:37 ` Stefan Hajnoczi [this message]
2019-10-09 17:58 ` Elena Ufimtseva
2019-10-10 20:21 ` Jag Raman
2019-09-03 20:37 ` [Qemu-devel] [RFC v3 PATCH 08/45] multi-process: add functions to synchronize proxy and remote endpoints Jagannathan Raman
2019-09-12 15:45 ` Stefan Hajnoczi
2019-09-03 20:37 ` [Qemu-devel] [RFC v3 PATCH 09/45] multi-process: setup PCI host bridge for remote device Jagannathan Raman
2019-09-03 20:37 ` [Qemu-devel] [RFC v3 PATCH 10/45] multi-process: setup a machine object for remote device process Jagannathan Raman
2019-09-03 20:37 ` [Qemu-devel] [RFC v3 PATCH 11/45] multi-process: setup memory manager for remote device Jagannathan Raman
2019-09-03 20:37 ` [Qemu-devel] [RFC v3 PATCH 12/45] multi-process: remote process initialization Jagannathan Raman
2019-09-03 20:37 ` [Qemu-devel] [RFC v3 PATCH 13/45] multi-process: introduce proxy object Jagannathan Raman
2019-09-03 20:37 ` [Qemu-devel] [RFC v3 PATCH 14/45] mutli-process: build remote command line args Jagannathan Raman
2019-09-03 20:37 ` [Qemu-devel] [RFC v3 PATCH 15/45] multi-process: add support of device id to communication channel Jagannathan Raman
2019-09-03 20:37 ` [Qemu-devel] [RFC v3 PATCH 16/45] multi-process: PCI BAR read/write handling for proxy & remote endpoints Jagannathan Raman
2019-09-03 20:37 ` [Qemu-devel] [RFC v3 PATCH 17/45] multi-process: modify BARs read/write to support dev_id Jagannathan Raman
2019-09-03 20:37 ` [Qemu-devel] [RFC v3 PATCH 18/45] multi-process: support dev id in config read/write Jagannathan Raman
2019-09-03 20:37 ` [Qemu-devel] [RFC v3 PATCH 19/45] multi-process: Add LSI device proxy object Jagannathan Raman
2019-09-05 10:22 ` Gerd Hoffmann
2019-09-05 15:22 ` Jag Raman
2019-09-03 20:37 ` [Qemu-devel] [RFC v3 PATCH 20/45] multi-process: Synchronize remote memory Jagannathan Raman
2019-09-03 20:37 ` [Qemu-devel] [RFC v3 PATCH 21/45] multi-process: create IOHUB object to handle irq Jagannathan Raman
2019-09-03 20:37 ` [Qemu-devel] [RFC v3 PATCH 22/45] multi-process: configure remote side devices Jagannathan Raman
2019-09-03 20:37 ` [Qemu-devel] [RFC v3 PATCH 23/45] multi-process: add qdev_proxy_add to create proxy devices Jagannathan Raman
2019-09-03 20:37 ` [Qemu-devel] [RFC v3 PATCH 24/45] multi-process: remote: add setup_devices and setup_drive msg processing Jagannathan Raman
2019-09-03 20:37 ` [Qemu-devel] [RFC v3 PATCH 25/45] multi-process: remote: use fd for socket from parent process Jagannathan Raman
2019-09-03 20:37 ` [Qemu-devel] [RFC v3 PATCH 26/45] multi-process: remote: add create_done condition Jagannathan Raman
2019-09-03 20:37 ` [Qemu-devel] [RFC v3 PATCH 27/45] multi-process: add processing of remote drive and device command line Jagannathan Raman
2019-09-03 20:37 ` [Qemu-devel] [RFC v3 PATCH 28/45] multi-process: Introduce build flags to separate remote process code Jagannathan Raman
2019-09-03 20:37 ` [Qemu-devel] [RFC v3 PATCH 29/45] multi-process: refractor vl.c code to re-use in remote Jagannathan Raman
2019-09-03 20:37 ` [Qemu-devel] [RFC v3 PATCH 30/45] multi-process: add remote option Jagannathan Raman
2019-09-03 20:37 ` [Qemu-devel] [RFC v3 PATCH 31/45] multi-process: add remote options parser Jagannathan Raman
2019-09-03 20:37 ` [Qemu-devel] [RFC v3 PATCH 32/45] multi-process: add parse_cmdline in remote process Jagannathan Raman
2019-09-03 20:37 ` [Qemu-devel] [RFC v3 PATCH 33/45] multi-process: add support for multiple devices Jagannathan Raman
2019-09-03 20:38 ` [Qemu-devel] [RFC v3 PATCH 34/45] multi-process: add heartbeat timer and signal handler Jagannathan Raman
2019-09-03 20:38 ` [Qemu-devel] [RFC v3 PATCH 35/45] multi-process: handle heartbeat messages in remote process Jagannathan Raman
2019-09-03 20:38 ` [Qemu-devel] [RFC v3 PATCH 36/45] multi-process: Use separate MMIO communication channel Jagannathan Raman
2019-09-03 20:38 ` [Qemu-devel] [RFC v3 PATCH 37/45] multi-process: perform device reset in the remote process Jagannathan Raman
2019-09-03 20:38 ` [Qemu-devel] [RFC v3 PATCH 38/45] multi-process/mon: stub functions to enable QMP module for " Jagannathan Raman
2019-09-03 20:38 ` [Qemu-devel] [RFC v3 PATCH 39/45] multi-process/mon: build system for QMP module in " Jagannathan Raman
2019-09-03 20:38 ` [Qemu-devel] [RFC v3 PATCH 40/45] multi-process/mon: Refactor monitor/chardev functions out of vl.c Jagannathan Raman
2019-09-04 8:37 ` Dr. David Alan Gilbert
2019-09-05 15:23 ` Jag Raman
2019-09-03 20:38 ` [Qemu-devel] [RFC v3 PATCH 41/45] multi-process/mon: trim HMP command set for remote storage processes Jagannathan Raman
2019-09-04 8:56 ` Dr. David Alan Gilbert
2019-09-05 15:54 ` Jag Raman
2019-09-05 15:57 ` Dr. David Alan Gilbert
2019-09-03 20:38 ` [Qemu-devel] [RFC v3 PATCH 42/45] multi-process/mon: Initialize QMP module for remote processes Jagannathan Raman
2019-09-03 20:38 ` [Qemu-devel] [RFC v3 PATCH 43/45] multi-process: prevent duplicate memory initialization in remote Jagannathan Raman
2019-09-03 20:38 ` [Qemu-devel] [RFC v3 PATCH 44/45] multi-process: add the concept description to docs/devel/qemu-multiprocess Jagannathan Raman
2019-09-05 10:10 ` Gerd Hoffmann
2019-09-05 10:16 ` Peter Maydell
2019-09-05 16:08 ` Elena Ufimtseva
2019-09-03 20:38 ` [Qemu-devel] [RFC v3 PATCH 45/45] multi-process: add configure and usage information Jagannathan Raman
2019-09-04 9:18 ` [Qemu-devel] [RFC v3 PATCH 00/45] Initial support of multi-process qemu Daniel P. Berrangé
2019-09-04 16:29 ` Jag Raman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191009133724.GP5747@stefanha-x1.localdomain \
--to=stefanha@gmail.com \
--cc=armbru@redhat.com \
--cc=berrange@redhat.com \
--cc=dgilbert@redhat.com \
--cc=ehabkost@redhat.com \
--cc=elena.ufimtseva@oracle.com \
--cc=fam@euphon.net \
--cc=jag.raman@oracle.com \
--cc=john.g.johnson@oracle.com \
--cc=kanth.ghatraju@oracle.com \
--cc=konrad.wilk@oracle.com \
--cc=kraxel@redhat.com \
--cc=kwolf@redhat.com \
--cc=liran.alon@oracle.com \
--cc=marcandre.lureau@gmail.com \
--cc=mreitz@redhat.com \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=quintela@redhat.com \
--cc=ross.lagerwall@citrix.com \
--cc=rth@twiddle.net \
--cc=stefanha@redhat.com \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).