From patchwork Tue Sep 26 20:15:25 2023
X-Patchwork-Submitter: Vladimir Sementsov-Ogievskiy
X-Patchwork-Id: 13399667
From: Vladimir Sementsov-Ogievskiy
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, vsementsov@yandex-team.ru, peter.maydell@linaro.org, yc-core@yandex-team.ru, davydov-max@yandex-team.ru, "Michael S. Tsirkin", Peter Xu, Jason Wang, Marcel Apfelbaum, Richard Henderson, Eduardo Habkost
Subject: [PATCH v2 1/8] hw/i386/intel_iommu: vtd_slpte_nonzero_rsvd(): assert no overflow
Date: Tue, 26 Sep 2023 23:15:25 +0300
Message-Id: <20230926201532.221152-2-vsementsov@yandex-team.ru>
In-Reply-To: <20230926201532.221152-1-vsementsov@yandex-team.ru>

We support only 3- and 4-level page-tables, which is firstly checked in vtd_decide_config(), then set up in vtd_init(). Then level fields are checked by vtd_is_level_supported(). So here we can't have a level outside the 1..4 inclusive range. Let's assert it. That also explains to Coverity that we are not going to overflow the array.

CID: 1487158, 1487186
Signed-off-by: Vladimir Sementsov-Ogievskiy
Reviewed-by: Peter Maydell
---
hw/i386/intel_iommu.c | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c index c0ce896668..3b68183b78 100644
--- a/hw/i386/intel_iommu.c +++ b/hw/i386/intel_iommu.c 
@@ -1027,18 +1027,35 @@ static dma_addr_t vtd_get_iova_pgtbl_base(IntelIOMMUState *s, * Rsvd field masks for spte: * vtd_spte_rsvd 4k pages * vtd_spte_rsvd_large large pages + * + * We support only 3-level and 4-level page tables (see vtd_init() which + * sets only VTD_CAP_SAGAW_39bit and maybe VTD_CAP_SAGAW_48bit bits in s->cap). */ -static uint64_t vtd_spte_rsvd[5]; -static uint64_t vtd_spte_rsvd_large[5]; +#define VTD_SPTE_RSVD_LEN 5 +static uint64_t vtd_spte_rsvd[VTD_SPTE_RSVD_LEN]; +static uint64_t vtd_spte_rsvd_large[VTD_SPTE_RSVD_LEN]; static bool vtd_slpte_nonzero_rsvd(uint64_t slpte, uint32_t level) { - uint64_t rsvd_mask = vtd_spte_rsvd[level]; + uint64_t rsvd_mask; + + /* + * We should have caught a guest-mis-programmed level earlier, + * via vtd_is_level_supported. + */ + assert(level < VTD_SPTE_RSVD_LEN); + /* + * Zero level doesn't exist. The smallest level is VTD_SL_PT_LEVEL=1 and + * checked by vtd_is_last_slpte(). + */ + assert(level); if ((level == VTD_SL_PD_LEVEL || level == VTD_SL_PDP_LEVEL) && (slpte & VTD_SL_PT_PAGE_SIZE_MASK)) { /* large page */ rsvd_mask = vtd_spte_rsvd_large[level]; + } else { + rsvd_mask = vtd_spte_rsvd[level]; } return slpte & rsvd_mask; From patchwork Tue Sep 26 20:15:26 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vladimir Sementsov-Ogievskiy X-Patchwork-Id: 13399668 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id BFAF8E7F126 for ; Tue, 26 Sep 2023 20:18:03 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qlETZ-0000Xn-OJ; Tue, 26 Sep 2023 16:16:09 -0400 Received: from eggs.gnu.org 
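Review bot: The two assert() calls in vtd_slpte_nonzero_rsvd() guard an index that, per the added comment, originates from guest programming, so any caller that skips vtd_is_level_supported() turns a guest-controlled value into a host abort. That is a safer failure than reading past vtd_spte_rsvd[], but it would be worth either naming in the comment every call path that validates level, or treating an out-of-range level as a reserved-bit violation and returning true instead of asserting. Also consider documenting next to VTD_SPTE_RSVD_LEN that index 0 is unused and only levels 1..4 index the arrays, since the block comment talks about 3-level and 4-level tables while the length is 5.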
From: Vladimir Sementsov-Ogievskiy
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, vsementsov@yandex-team.ru, peter.maydell@linaro.org, yc-core@yandex-team.ru, davydov-max@yandex-team.ru, Daniel P. Berrangé
Subject: [PATCH v2 2/8] util/filemonitor-inotify: qemu_file_monitor_watch(): assert no overflow
Date: Tue, 26 Sep 2023 23:15:26 +0300
Message-Id: <20230926201532.221152-3-vsementsov@yandex-team.ru>
In-Reply-To: <20230926201532.221152-1-vsementsov@yandex-team.ru>

Prefer clear assertions instead of [im]possible array overflow.

Signed-off-by: Vladimir Sementsov-Ogievskiy
Reviewed-by: Peter Maydell
---
util/filemonitor-inotify.c | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/util/filemonitor-inotify.c b/util/filemonitor-inotify.c index 2c45f7f176..2121111f38 100644 --- a/util/filemonitor-inotify.c +++ b/util/filemonitor-inotify.c
@@ -81,16 +81,25 @@ static void qemu_file_monitor_watch(void *arg) /* Loop over all events in the buffer */ while (used < len) { - struct inotify_event *ev = - (struct inotify_event *)(buf + used); - const char *name = ev->len ? ev->name : ""; - QFileMonitorDir *dir = g_hash_table_lookup(mon->idmap, - GINT_TO_POINTER(ev->wd)); - uint32_t iev = ev->mask & - (IN_CREATE | IN_MODIFY | IN_DELETE | IN_IGNORED | - IN_MOVED_TO | IN_MOVED_FROM | IN_ATTRIB); + const char *name; + QFileMonitorDir *dir; + uint32_t iev; int qev; gsize i; + struct inotify_event *ev = (struct inotify_event *)(buf + used); + + /* + * We trust the kenel to provide valid buffer with complete event + * records. + */ + assert(len - used >= sizeof(struct inotify_event)); + assert(len - used - sizeof(struct inotify_event) >= ev->len); + + name = ev->len ? ev->name : ""; + dir = g_hash_table_lookup(mon->idmap, GINT_TO_POINTER(ev->wd)); + iev = ev->mask & + (IN_CREATE | IN_MODIFY | IN_DELETE | IN_IGNORED | + IN_MOVED_TO | IN_MOVED_FROM | IN_ATTRIB); used += sizeof(struct inotify_event) + ev->len; From patchwork Tue Sep 26 20:15:27 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vladimir Sementsov-Ogievskiy X-Patchwork-Id: 13399664 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 3EC0DE7F128 for ; Tue, 26 Sep 2023 20:17:28 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qlETk-0000aq-5r; Tue, 26 Sep 2023 16:16:20 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 
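Review bot: In the new comment in qemu_file_monitor_watch(), "kenel" should be "kernel", and the wording "We trust the kernel" sits oddly next to two assertions that verify exactly what is being trusted; something like "abort if the kernel hands us a truncated event record" would describe the behaviour. The second assertion subtracts sizeof(struct inotify_event) from len - used, which is only safe because the first assertion runs before it, so a short comment or a single combined check would keep a later reordering from making that subtraction wrap or go negative.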
From: Vladimir Sementsov-Ogievskiy
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, vsementsov@yandex-team.ru, peter.maydell@linaro.org, yc-core@yandex-team.ru, davydov-max@yandex-team.ru, "Michael S. Tsirkin"
Subject: [PATCH v2 3/8] libvhost-user.c: add assertion to vu_message_read_default
Date: Tue, 26 Sep 2023 23:15:27 +0300
Message-Id: <20230926201532.221152-4-vsementsov@yandex-team.ru>
In-Reply-To: <20230926201532.221152-1-vsementsov@yandex-team.ru>

Explain to Coverity that we are not going to overflow vmsg->fds.

Signed-off-by: Vladimir Sementsov-Ogievskiy
---
subprojects/libvhost-user/libvhost-user.c | 1 + 1 file changed, 1 insertion(+) diff --git a/subprojects/libvhost-user/libvhost-user.c b/subprojects/libvhost-user/libvhost-user.c index 0469a50101..49b57c7ef4 100644 --- a/subprojects/libvhost-user/libvhost-user.c +++ b/subprojects/libvhost-user/libvhost-user.c
@@ -322,6 +322,7 @@ vu_message_read_default(VuDev *dev, int conn_fd, VhostUserMsg *vmsg) if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) { fd_size = cmsg->cmsg_len - CMSG_LEN(0); vmsg->fd_num = fd_size / sizeof(int); + assert(fd_size < VHOST_MEMORY_BASELINE_NREGIONS); memcpy(vmsg->fds, CMSG_DATA(cmsg), fd_size); break; } From patchwork Tue Sep 26 20:15:28 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vladimir Sementsov-Ogievskiy X-Patchwork-Id: 13399665 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 58492E7F124 for ; Tue, 26 Sep 2023 20:17:34 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qlETa-0000YP-Kh; Tue, 26 Sep 2023 16:16:10 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qlETX-0000Wi-Br for qemu-devel@nongnu.org; Tue, 26 Sep 2023 16:16:07 -0400 Received: from forwardcorp1c.mail.yandex.net ([2a02:6b8:c03:500:1:45:d181:df01]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qlETR-0002hP-Rj for qemu-devel@nongnu.org; Tue, 26 Sep 2023 16:16:07 -0400 Received: from mail-nwsmtp-smtp-corp-main-62.myt.yp-c.yandex.net (mail-nwsmtp-smtp-corp-main-62.myt.yp-c.yandex.net [IPv6:2a02:6b8:c12:550b:0:640:d49b:0]) by forwardcorp1c.mail.yandex.net (Yandex) with ESMTP id 4174560B95; Tue, 26 Sep 2023 23:15:58 +0300 (MSK) Received: from vsementsov-lin.. 
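Review bot: The added assert(fd_size < VHOST_MEMORY_BASELINE_NREGIONS) compares a byte count with what its name says is a number of regions: fd_size is cmsg_len minus the header length, and the line above derives the element count as fd_size / sizeof(int). As written the check rejects messages carrying far fewer descriptors than the limit, and its strict < also excludes the exact maximum. Comparing vmsg->fd_num against the limit with <=, or fd_size against the size of the vmsg->fds buffer, would match the memcpy() that follows. Since the control message arrives from the peer on conn_fd, consider treating an oversized message as a read failure rather than asserting.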
From: Vladimir Sementsov-Ogievskiy
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, vsementsov@yandex-team.ru, peter.maydell@linaro.org, yc-core@yandex-team.ru, davydov-max@yandex-team.ru, "Michael S. Tsirkin"
Subject: [PATCH v2 4/8] mc146818rtc: rtc_set_time(): initialize tm to zeroes
Date: Tue, 26 Sep 2023 23:15:28 +0300
Message-Id: <20230926201532.221152-5-vsementsov@yandex-team.ru>
In-Reply-To: <20230926201532.221152-1-vsementsov@yandex-team.ru>

set_time() function doesn't set all the fields, so it's better to initialize the tm structure. And Coverity will be happier about it.

Signed-off-by: Vladimir Sementsov-Ogievskiy
Reviewed-by: Peter Maydell
---
hw/rtc/mc146818rtc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/rtc/mc146818rtc.c b/hw/rtc/mc146818rtc.c index c27c362db9..2d391a8396 100644 --- a/hw/rtc/mc146818rtc.c +++ b/hw/rtc/mc146818rtc.c
@@ -599,7 +599,7 @@ static void rtc_get_time(MC146818RtcState *s, struct tm *tm) static void rtc_set_time(MC146818RtcState *s) { - struct tm tm; + struct tm tm = {}; g_autofree const char *qom_path = object_get_canonical_path(OBJECT(s)); rtc_get_time(s, &tm); From patchwork Tue Sep 26 20:15:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vladimir Sementsov-Ogievskiy X-Patchwork-Id: 13399663 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id C8024E7F12A for ; Tue, 26 Sep 2023 20:17:29 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qlETd-0000ZO-49; Tue, 26 Sep 2023 16:16:14 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qlETY-0000X9-Gm for qemu-devel@nongnu.org; Tue, 26 Sep 2023 16:16:08 -0400 Received: from forwardcorp1c.mail.yandex.net ([178.154.239.200]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qlETT-0002hU-Bx for qemu-devel@nongnu.org; Tue, 26 Sep 2023 16:16:08 -0400 Received: from mail-nwsmtp-smtp-corp-main-62.myt.yp-c.yandex.net (mail-nwsmtp-smtp-corp-main-62.myt.yp-c.yandex.net [IPv6:2a02:6b8:c12:550b:0:640:d49b:0]) by forwardcorp1c.mail.yandex.net (Yandex) with ESMTP id 0951760B97; Tue, 26 Sep 2023 23:15:59 +0300 (MSK) Received: from vsementsov-lin.. 
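Review bot: The commit message says set_time() does not set all the fields, but in this hunk tm is filled by rtc_get_time(s, &tm) inside rtc_set_time(); the message should name the function that leaves fields unset so the reason for the initializer is clear. On the changed line, struct tm tm = {}; uses an empty initializer, which is a compiler extension before C23; = { 0 } is the portable spelling if the project does not already rely on the extension.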
From: Vladimir Sementsov-Ogievskiy
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, vsementsov@yandex-team.ru, peter.maydell@linaro.org, yc-core@yandex-team.ru, davydov-max@yandex-team.ru, "Michael S. Tsirkin", Marcel Apfelbaum
Subject: [PATCH v2 5/8] pcie_sriov: unregister_vfs(): fix error path
Date: Tue, 26 Sep 2023 23:15:29 +0300
Message-Id: <20230926201532.221152-6-vsementsov@yandex-team.ru>
In-Reply-To: <20230926201532.221152-1-vsementsov@yandex-team.ru>

local_err must be NULL before calling object_property_set_bool(), so we must clear it on each iteration. Let's also use the more convenient error_reportf_err().

Signed-off-by: Vladimir Sementsov-Ogievskiy
---
hw/pci/pcie_sriov.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/hw/pci/pcie_sriov.c b/hw/pci/pcie_sriov.c index 76a3b6917e..5ef8950940 100644 --- a/hw/pci/pcie_sriov.c +++ b/hw/pci/pcie_sriov.c
@@ -196,19 +196,16 @@ static void register_vfs(PCIDevice *dev) static void unregister_vfs(PCIDevice *dev) { - Error *local_err = NULL; uint16_t num_vfs = dev->exp.sriov_pf.num_vfs; uint16_t i; trace_sriov_unregister_vfs(dev->name, PCI_SLOT(dev->devfn), PCI_FUNC(dev->devfn), num_vfs); for (i = 0; i < num_vfs; i++) { + Error *err = NULL; PCIDevice *vf = dev->exp.sriov_pf.vf[i]; - object_property_set_bool(OBJECT(vf), "realized", false, &local_err); - if (local_err) { - fprintf(stderr, "Failed to unplug: %s\n", - error_get_pretty(local_err)); - error_free(local_err); + if (!object_property_set_bool(OBJECT(vf), "realized", false, &err)) { + error_reportf_err(err, "Failed to unplug: "); } object_unparent(OBJECT(vf)); object_unref(OBJECT(vf)); From patchwork Tue Sep 26 20:15:30 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vladimir Sementsov-Ogievskiy X-Patchwork-Id: 13399660 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 024FAE7F126 for ; Tue, 26 Sep 2023 20:17:27 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qlETb-0000Yj-2K; Tue, 26 Sep 2023 16:16:11 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qlETY-0000XG-PW; Tue, 26 Sep 2023 16:16:08 -0400 Received: from forwardcorp1b.mail.yandex.net ([178.154.239.136]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qlETT-0002hc-N1; Tue, 26 Sep 2023 16:16:08 -0400 Received: from mail-nwsmtp-smtp-corp-main-62.myt.yp-c.yandex.net 
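Review bot: The error_reportf_err(err, "Failed to unplug: ") call inside the loop does not say which virtual function failed, so with several VFs the log line cannot be tied to a device; adding the loop index i or the VF name to the prefix would fix that. The loop still calls object_unparent() and object_unref() on the VF after a failed unrealize, which deserves a comment stating that this is intended.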
From: Vladimir Sementsov-Ogievskiy
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, vsementsov@yandex-team.ru, peter.maydell@linaro.org, yc-core@yandex-team.ru, davydov-max@yandex-team.ru, stefanha@redhat.com, alex.chen@huawei.com, euler.robot@huawei.com, Fam Zheng, Philippe Mathieu-Daudé, Kevin Wolf, Hanna Reitz, qemu-block@nongnu.org (open list:NVMe Block Driver)
Subject: [PATCH v2 6/8] block/nvme: nvme_process_completion() fix bound for cid
Date: Tue, 26 Sep 2023 23:15:30 +0300
Message-Id: <20230926201532.221152-7-vsementsov@yandex-team.ru>
In-Reply-To: <20230926201532.221152-1-vsementsov@yandex-team.ru>

NVMeQueuePair::reqs has length NVME_NUM_REQS, which is less than NVME_QUEUE_SIZE by 1.

Fixes: 1086e95da17050 ("block/nvme: switch to a NVMeRequest freelist")
Signed-off-by: Vladimir Sementsov-Ogievskiy
Reviewed-by: Stefan Hajnoczi
---
Cc: stefanha@redhat.com
Cc: alex.chen@huawei.com
Cc: euler.robot@huawei.com

Note that there was a similar patch in the past:
https://patchew.org/QEMU/20201208144452.91172-1-alex.chen@huawei.com/
I still think that using NVME_NUM_REQS is better here.

block/nvme.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/block/nvme.c b/block/nvme.c index b6e95f0b7e..0faedf3072 100644 --- a/block/nvme.c +++ b/block/nvme.c
@@ -416,9 +416,10 @@ static bool nvme_process_completion(NVMeQueuePair *q) q->cq_phase = !q->cq_phase; } cid = le16_to_cpu(c->cid); - if (cid == 0 || cid > NVME_QUEUE_SIZE) { - warn_report("NVMe: Unexpected CID in completion queue: %"PRIu32", " - "queue size: %u", cid, NVME_QUEUE_SIZE); + if (cid == 0 || cid > NVME_NUM_REQS) { + warn_report("NVMe: Unexpected CID in completion queue: %" PRIu32 + ", should be within: 1..%u inclusively", cid, + NVME_NUM_REQS); continue; } trace_nvme_complete_command(s, q->index, cid); From patchwork Tue Sep 26 20:15:31 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vladimir Sementsov-Ogievskiy X-Patchwork-Id: 13399666 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 67129E7F126 for ; Tue, 26 Sep 2023 20:17:51 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qlETj-0000aW-8p; Tue, 26 Sep 2023 16:16:19 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qlETY-0000XK-Ut for qemu-devel@nongnu.org; Tue, 26 Sep 2023 16:16:09 -0400 Received: from forwardcorp1c.mail.yandex.net ([178.154.239.200]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qlETU-0002hu-DR for qemu-devel@nongnu.org; Tue, 26 Sep 2023 16:16:08 -0400 Received: from mail-nwsmtp-smtp-corp-main-62.myt.yp-c.yandex.net (mail-nwsmtp-smtp-corp-main-62.myt.yp-c.yandex.net [IPv6:2a02:6b8:c12:550b:0:640:d49b:0]) by forwardcorp1c.mail.yandex.net (Yandex) with ESMTP id A6F9860BA1; Tue, 26 Sep 
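Review bot: In the new warn_report() call, cid is assigned from le16_to_cpu() but printed with PRIu32, so check that the declared type of cid matches the format or cast the argument; NVME_NUM_REQS is printed with %u and needs the same check. "inclusively" would read better as "inclusive". Because the bound now depends on NVME_NUM_REQS being the length of NVMeQueuePair::reqs, as the commit message states, a build-time assertion tying the two together near the array definition would keep them from drifting apart again.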
From: Vladimir Sementsov-Ogievskiy
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, vsementsov@yandex-team.ru, peter.maydell@linaro.org, yc-core@yandex-team.ru, davydov-max@yandex-team.ru, Philippe Mathieu-Daudé, Thomas Huth, Richard Henderson, Emilio Cota
Subject: [PATCH v2 7/8] hw/core/loader: gunzip(): initialize z_stream
Date: Tue, 26 Sep 2023 23:15:31 +0300
Message-Id: <20230926201532.221152-8-vsementsov@yandex-team.ru>
In-Reply-To: <20230926201532.221152-1-vsementsov@yandex-team.ru>

Coverity signals that variable as being used uninitialized. And really, when working with external APIs it's better to zero out the structure, where we set some fields by hand.

Signed-off-by: Vladimir Sementsov-Ogievskiy
Reviewed-by: Peter Maydell
---
hw/core/loader.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/core/loader.c b/hw/core/loader.c index 4dd5a71fb7..b7bb44b7f7 100644 --- a/hw/core/loader.c +++ b/hw/core/loader.c
@@ -558,7 +558,7 @@ static void zfree(void *x, void *addr) ssize_t gunzip(void *dst, size_t dstlen, uint8_t *src, size_t srclen) { - z_stream s; + z_stream s = {}; ssize_t dstbytes; int r, i, flags; From patchwork Tue Sep 26 20:15:32 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vladimir Sementsov-Ogievskiy X-Patchwork-Id: 13399662 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 579F4E7F127 for ; Tue, 26 Sep 2023 20:17:28 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qlETe-0000Zf-Du; Tue, 26 Sep 2023 16:16:15 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qlETZ-0000Y4-NT for qemu-devel@nongnu.org; Tue, 26 Sep 2023 16:16:09 -0400 Received: from forwardcorp1b.mail.yandex.net ([178.154.239.136]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qlETU-0002jI-VX for qemu-devel@nongnu.org; Tue, 26 Sep 2023 16:16:09 -0400 Received: from mail-nwsmtp-smtp-corp-main-62.myt.yp-c.yandex.net (mail-nwsmtp-smtp-corp-main-62.myt.yp-c.yandex.net [IPv6:2a02:6b8:c12:550b:0:640:d49b:0]) by forwardcorp1b.mail.yandex.net (Yandex) with ESMTP id 7D9F96071F; Tue, 26 Sep 2023 23:16:02 +0300 (MSK) Received: from vsementsov-lin.. 
From: Vladimir Sementsov-Ogievskiy
To: qemu-devel@nongnu.org
Cc: pbonzini@redhat.com, vsementsov@yandex-team.ru, peter.maydell@linaro.org, yc-core@yandex-team.ru, davydov-max@yandex-team.ru, Daniel P. Berrangé
Subject: [PATCH v2 8/8] io/channel-socket: qio_channel_socket_flush(): improve msg validation
Date: Tue, 26 Sep 2023 23:15:32 +0300
Message-Id: <20230926201532.221152-9-vsementsov@yandex-team.ru>
In-Reply-To: <20230926201532.221152-1-vsementsov@yandex-team.ru>
References: <20230926201532.221152-1-vsementsov@yandex-team.ru>

For SO_EE_ORIGIN_ZEROCOPY the 32-bit notification range is encoded as [ee_info, ee_data] inclusively, so ee_info should be less than or equal to ee_data.

Signed-off-by: Vladimir Sementsov-Ogievskiy
--- io/channel-socket.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/io/channel-socket.c b/io/channel-socket.c index 02ffb51e99..3a899b0608 100644 --- a/io/channel-socket.c +++ b/io/channel-socket.c 
@@ -782,6 +782,11 @@ static int qio_channel_socket_flush(QIOChannel *ioc, "Error not from zero copy"); return -1; } + if (serr->ee_data < serr->ee_info) { + error_setg_errno(errp, serr->ee_origin, + "Wrong notification bounds"); + return -1; + } /* No errors, count successfully finished sendmsg()*/ sioc->zero_copy_sent += serr->ee_data - serr->ee_info + 1;
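Review bot: In patch 7/8 (hw/core/loader.c, gunzip()), the new `z_stream s = {};` uses an empty-brace initializer, which is a GNU extension in C before C23, so the line depends on every supported compiler accepting it; `z_stream s = {0};` is the portable spelling if that is not guaranteed. The commit message would also be easier to audit if it named which z_stream field Coverity reports as read before assignment, since the hunk shows only the declaration and not which fields gunzip() sets by hand.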
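Review bot: In patch 8/8 (io/channel-socket.c, qio_channel_socket_flush()), the added check passes `serr->ee_origin` as the errno argument of `error_setg_errno()`, but by the commit message's own premise the origin at this point is SO_EE_ORIGIN_ZEROCOPY, which is an origin code and not an errno value, so the reported message will carry an unrelated strerror() text. Plain `error_setg()` with both bounds in the format string (`ee_info` and `ee_data`) would give a more useful diagnostic. The commit message describes the range as 32-bit: if the notification counter can wrap, a range that crosses the wrap would have `ee_data < ee_info` while the unsigned subtraction on the context line below would still count it correctly, so it is worth stating why that case cannot reach this check before rejecting it.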