From: "Michael S. Tsirkin" <mst@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Peter Maydell" <peter.maydell@linaro.org>,
"Christian Pötzsch" <christian.poetzsch@kernkonzept.com>
Subject: [PULL v2 09/91] Fix vhost user assertion when sending more than one fd
Date: Tue, 2 Jul 2024 16:14:16 -0400
Message-ID: <5093bee0fa8a6c9712c96653da3a79bc37a4e45d.1719951026.git.mst@redhat.com>
In-Reply-To: <cover.1719951026.git.mst@redhat.com>

From: Christian Pötzsch <christian.poetzsch@kernkonzept.com>

If the client sends more than one region this assert triggers. The
reason is that two fds are 8 bytes and VHOST_MEMORY_BASELINE_NREGIONS
is exactly 8.

The assert is wrong because it should not test for the size of the fd
array, but for the number of regions.

Signed-off-by: Christian Pötzsch <christian.poetzsch@kernkonzept.com>
Message-Id: <20240426083313.3081272-1-christian.poetzsch@kernkonzept.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
subprojects/libvhost-user/libvhost-user.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/subprojects/libvhost-user/libvhost-user.c b/subprojects/libvhost-user/libvhost-user.c
index a879149fef..8adb277d54 100644
--- a/subprojects/libvhost-user/libvhost-user.c
+++ b/subprojects/libvhost-user/libvhost-user.c
@@ -568,7 +568,7 @@ vu_message_read_default(VuDev *dev, int conn_fd, VhostUserMsg *vmsg)
if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
fd_size = cmsg->cmsg_len - CMSG_LEN(0);
vmsg->fd_num = fd_size / sizeof(int);
- assert(fd_size < VHOST_MEMORY_BASELINE_NREGIONS);
+ assert(vmsg->fd_num <= VHOST_MEMORY_BASELINE_NREGIONS);
memcpy(vmsg->fds, CMSG_DATA(cmsg), fd_size);
break;
}
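Review bot: The bound guarding `memcpy(vmsg->fds, CMSG_DATA(cmsg), fd_size)` is still an `assert()`, so a build with NDEBUG has no limit on `fd_size` before the copy, and a normal build aborts the whole process when the peer passes too many descriptors instead of rejecting the message. Consider an explicit runtime check that fails the read when `vmsg->fd_num > VHOST_MEMORY_BASELINE_NREGIONS` and closes the descriptors that were received. The new `<=` is correct only if `vmsg->fds` has at least VHOST_MEMORY_BASELINE_NREGIONS elements; that declaration is outside this hunk, so deriving the limit from the element count of `vmsg->fds` itself would keep the check and the array from drifting apart.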
--
MST