Message ID | 1457378754-21649-4-git-send-email-armbru@redhat.com (mailing list archive) |
---|---|
State | New, archived |
Hi On Mon, Mar 7, 2016 at 8:25 PM, Markus Armbruster <armbru@redhat.com> wrote: > +/* nitpick, extra space here > + * FIXME TOCTTOU: this iterates over memory backends' mem-path, which > + * may or may not name the same files / on the same filesystem now as > + * when we actually open and map them. Iterate over the file > + * descriptors instead, and use qemu_fd_getpagesize(). > + */
Marc-André Lureau <marcandre.lureau@gmail.com> writes: > Hi > > On Mon, Mar 7, 2016 at 8:25 PM, Markus Armbruster <armbru@redhat.com> wrote: >> +/* > > nitpick, extra space here Will fix, thanks! >> + * FIXME TOCTTOU: this iterates over memory backends' mem-path, which >> + * may or may not name the same files / on the same filesystem now as >> + * when we actually open and map them. Iterate over the file >> + * descriptors instead, and use qemu_fd_getpagesize(). >> + */
diff --git a/target-ppc/kvm.c b/target-ppc/kvm.c index d67c169..0ef6ecd 100644 --- a/target-ppc/kvm.c +++ b/target-ppc/kvm.c @@ -333,6 +333,12 @@ static long gethugepagesize(const char *mem_path) return fs.f_bsize; } +/* + * FIXME TOCTTOU: this iterates over memory backends' mem-path, which + * may or may not name the same files / on the same filesystem now as + * when we actually open and map them. Iterate over the file + * descriptors instead, and use qemu_fd_getpagesize(). + */ static int find_max_supported_pagesize(Object *obj, void *opaque) { char *mem_path;
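Review bot: The FIXME sits above find_max_supported_pagesize() but does not name the path-based helper that the fix would have to replace. The context lines just above show gethugepagesize(const char *mem_path) returning fs.f_bsize, which is the lookup keyed on a path rather than on the opened backend. Consider naming it in the comment, for example "replace gethugepagesize(mem_path) with qemu_fd_getpagesize() on the backend's fd", so the follow-up change has a concrete target. Separately, the commit message says "minimum page size" while the annotated function is find_max_supported_pagesize(); aligning the two would avoid confusion when this is read from git log.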
The code to find the minimum page size is vulnerable to TOCTTOU. Added in commit 2d103aa "target-ppc: fix hugepage support when using memory-backend-file" (v2.4.0). Since I can't fix it myself right now, add a FIXME comment.

Cc: Paolo Bonzini <pbonzini@redhat.com>

Cc: Michael Roth <mdroth@linux.vnet.ibm.com>

Signed-off-by: Markus Armbruster <armbru@redhat.com>

--- target-ppc/kvm.c | 6 ++++++ 1 file changed, 6 insertions(+)
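The difference between checking a path and checking an open descriptor, as an added example that is not part of the patch or of QEMU. The helper names and the temporary directory under /tmp are assumptions made for illustration; the scenario replaces a file's path after it was opened and shows that only the descriptor-based query still describes the opened file.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/vfs.h>
#include <unistd.h>

/* Hypothetical helpers for illustration, not QEMU functions. */

/* Racy: re-resolves the path, so it may describe a different file. */
static long path_block_size(const char *path) {
    struct statfs fs;
    return statfs(path, &fs) == 0 ? (long)fs.f_bsize : -1;
}

/* Stable: asks about the object the open descriptor refers to. */
static long fd_block_size(int fd) {
    struct statfs fs;
    return fstatfs(fd, &fs) == 0 ? (long)fs.f_bsize : -1;
}

/* 1 if path still names the file behind fd, 0 if not, -1 on error. */
static int path_names_fd(const char *path, int fd) {
    struct stat p, f;
    if (stat(path, &p) != 0 || fstat(fd, &f) != 0)
        return -1;
    return p.st_dev == f.st_dev && p.st_ino == f.st_ino;
}

/* Constructed scenario: the path is replaced after the file was opened.
 * Returns 1 if the path stops matching the fd while the fd query still works. */
static int demo_swap(void) {
    char dir[] = "/tmp/tocttou-XXXXXX", a[64], b[64];
    if (!mkdtemp(dir))
        return -1;
    snprintf(a, sizeof a, "%s/backing", dir);
    snprintf(b, sizeof b, "%s/other", dir);
    int fd = open(a, O_CREAT | O_RDWR, 0600);
    int fd2 = open(b, O_CREAT | O_RDWR, 0600);
    int before = path_names_fd(a, fd);      /* 1: same inode */
    int swapped = rename(b, a);             /* path now names "other" */
    int after = path_names_fd(a, fd);       /* 0: different inode */
    int ok = fd >= 0 && fd2 >= 0 && swapped == 0 && before == 1 && after == 0
             && fd_block_size(fd) > 0 && path_block_size(a) > 0;
    close(fd); close(fd2); unlink(a); rmdir(dir);
    return ok;
}

int main(void) { printf("swap detected: %d\n", demo_swap()); return 0; }
```

Both files here live on the same filesystem, so the two block sizes agree; the inode comparison is what exposes that the path-based answer belongs to a different file than the one that was opened.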