diff mbox

[v3,01/40] target-ppc: Document TOCTTOU in hugepage support

Message ID 1458066895-20632-2-git-send-email-armbru@redhat.com (mailing list archive)
State New, archived
Headers show

Commit Message

Markus Armbruster March 15, 2016, 6:34 p.m. UTC
The code to find the minimum page size is is vulnerable to TOCTTOU.
Added in commit 2d103aa "target-ppc: fix hugepage support when using
memory-backend-file" (v2.4.0).  Since I can't fix it myself right now,
add a FIXME comment.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
---
 target-ppc/kvm.c | 6 ++++++
 1 file changed, 6 insertions(+)

Comments

Marc-André Lureau March 18, 2016, 3:04 p.m. UTC | #1
Hi

On Tue, Mar 15, 2016 at 7:34 PM, Markus Armbruster <armbru@redhat.com> wrote:
> The code to find the minimum page size is is vulnerable to TOCTTOU.
> Added in commit 2d103aa "target-ppc: fix hugepage support when using
> memory-backend-file" (v2.4.0).  Since I can't fix it myself right now,
> add a FIXME comment.
>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Cc: Michael Roth <mdroth@linux.vnet.ibm.com>
> Signed-off-by: Markus Armbruster <armbru@redhat.com>

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>


> ---
>  target-ppc/kvm.c | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/target-ppc/kvm.c b/target-ppc/kvm.c
> index d67c169..5be57a7 100644
> --- a/target-ppc/kvm.c
> +++ b/target-ppc/kvm.c
> @@ -333,6 +333,12 @@ static long gethugepagesize(const char *mem_path)
>      return fs.f_bsize;
>  }
>
> +/*
> + * FIXME TOCTTOU: this iterates over memory backends' mem-path, which
> + * may or may not name the same files / on the same filesystem now as
> + * when we actually open and map them.  Iterate over the file
> + * descriptors instead, and use qemu_fd_getpagesize().
> + */
>  static int find_max_supported_pagesize(Object *obj, void *opaque)
>  {
>      char *mem_path;
> --
> 2.4.3
>
>
diff mbox

Patch

diff --git a/target-ppc/kvm.c b/target-ppc/kvm.c
index d67c169..5be57a7 100644
--- a/target-ppc/kvm.c
+++ b/target-ppc/kvm.c
@@ -333,6 +333,12 @@  static long gethugepagesize(const char *mem_path)
     return fs.f_bsize;
 }
 
+/*
+ * FIXME TOCTTOU: this iterates over memory backends' mem-path, which
+ * may or may not name the same files / on the same filesystem now as
+ * when we actually open and map them.  Iterate over the file
+ * descriptors instead, and use qemu_fd_getpagesize().
+ */
 static int find_max_supported_pagesize(Object *obj, void *opaque)
 {
     char *mem_path;