display: virtio-gpu-3d: check virgl capabilities max_size

Message ID	alpine.LFD.2.20.1612131946260.6601@wniryva (mailing list archive)
State	New, archived
Headers	show Return-Path: <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org> Date: Tue, 13 Dec 2016 19:56:30 +0530 (IST) From: P J P <ppandit@redhat.com> To: Gerd Hoffmann <kraxel@redhat.com> In-Reply-To: <1481630872.27088.128.camel@redhat.com> Message-ID: <alpine.LFD.2.20.1612131946260.6601@wniryva> References: <20161213071439.32322-1-ppandit@redhat.com> <1481627861.27088.116.camel@redhat.com> <alpine.LFD.2.20.1612131703450.6298@wniryva> <1481630872.27088.128.camel@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Subject: Re: [Qemu-devel] [PATCH] display: virtio-gpu-3d: check virgl capabilities max_size Precedence: list Cc: Zhenhao Hong <zhenhaohong@gmail.com>, Qemu Developers <qemu-devel@nongnu.org> Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>

Message ID

alpine.LFD.2.20.1612131946260.6601@wniryva (mailing list archive)

State

New, archived

Headers

Date: Tue, 13 Dec 2016 19:56:30 +0530 (IST)
From: P J P <ppandit@redhat.com>
To: Gerd Hoffmann <kraxel@redhat.com>
In-Reply-To: <1481630872.27088.128.camel@redhat.com>
Message-ID: <alpine.LFD.2.20.1612131946260.6601@wniryva>
References: <20161213071439.32322-1-ppandit@redhat.com>
	<1481627861.27088.116.camel@redhat.com>
	<alpine.LFD.2.20.1612131703450.6298@wniryva>
	<1481630872.27088.128.camel@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Subject: Re: [Qemu-devel] [PATCH] display: virtio-gpu-3d: check virgl
	capabilities max_size
Precedence: list
Cc: Zhenhao Hong <zhenhaohong@gmail.com>,
	Qemu Developers <qemu-devel@nongnu.org>
Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org
Sender: "Qemu-devel"
	<qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>

Commit Message

Prasad Pandit Dec. 13, 2016, 2:26 p.m. UTC

+-- On Tue, 13 Dec 2016, Gerd Hoffmann wrote --+
| I guess we want throw an error (VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER)
| in the error case then instead of leaving resp->hdr.type unset.

  I see, okay. Does the patch below look okay?

===

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

Comments

Marc-André Lureau Dec. 13, 2016, 4:01 p.m. UTC | #1

Hi

On Tue, Dec 13, 2016 at 5:27 PM P J P <ppandit@redhat.com> wrote:

> +-- On Tue, 13 Dec 2016, Gerd Hoffmann wrote --+
> | I guess we want throw an error (VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER)
> | in the error case then instead of leaving resp->hdr.type unset.
>
>   I see, okay. Does the patch below look okay?
>
> ===
> diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
> index 758d33a..6ceeba3 100644
> --- a/hw/display/virtio-gpu-3d.c
> +++ b/hw/display/virtio-gpu-3d.c
> @@ -370,8 +370,12 @@ static void virgl_cmd_get_capset(VirtIOGPU *g,
>
>      virgl_renderer_get_cap_set(gc.capset_id, &max_ver,
>                                 &max_size);
> -    resp = g_malloc(sizeof(*resp) + max_size);
> +    if (!max_size) {
> +        cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
> +        return;
> +    }
>
> +    resp = g_malloc(sizeof(*resp) + max_size);
>      resp->hdr.type = VIRTIO_GPU_RESP_OK_CAPSET;
>      virgl_renderer_fill_caps(gc.capset_id,
>                               gc.capset_version,
> ===
>
>
That looks good to me, waiting for the proper patch.


> Thank you.
> --
> Prasad J Pandit / Red Hat Product Security Team
> 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
>
> --
Marc-André Lureau

Prasad Pandit Dec. 14, 2016, 7:03 a.m. UTC | #2

+-- On Tue, 13 Dec 2016, Marc-André Lureau wrote --+
| > -    resp = g_malloc(sizeof(*resp) + max_size);
| > +    if (!max_size) {
| > +        cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
| > +        return;
| > +    }
| >
| > +    resp = g_malloc(sizeof(*resp) + max_size);
| >      resp->hdr.type = VIRTIO_GPU_RESP_OK_CAPSET;
|
| That looks good to me, waiting for the proper patch.

Okay, sent. Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

===
diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
index 758d33a..6ceeba3 100644
--- a/hw/display/virtio-gpu-3d.c
+++ b/hw/display/virtio-gpu-3d.c
@@ -370,8 +370,12 @@  static void virgl_cmd_get_capset(VirtIOGPU *g,
 
     virgl_renderer_get_cap_set(gc.capset_id, &max_ver,
                                &max_size);
-    resp = g_malloc(sizeof(*resp) + max_size);
+    if (!max_size) {
+        cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
+        return;
+    }
 
+    resp = g_malloc(sizeof(*resp) + max_size);
     resp->hdr.type = VIRTIO_GPU_RESP_OK_CAPSET;
     virgl_renderer_fill_caps(gc.capset_id,
                              gc.capset_version,

display: virtio-gpu-3d: check virgl capabilities max_size

Commit Message

Comments

Patch