[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH v2 for-1.6 1/6] rdma: use resp.len after validation
From: |
mrhines |
Subject: |
[Qemu-devel] [PATCH v2 for-1.6 1/6] rdma: use resp.len after validation in qemu_rdma_registration_stop |
Date: |
Fri, 9 Aug 2013 16:05:40 -0400 |
From: Isaku Yamahata <address@hidden>
resp.len is given from remote host. So should be validated before use.
Otherwise memcpy can access beyond the buffer.
Cc: Michael R. Hines <address@hidden>
Reviewed-by: Orit Wasserman <address@hidden>
Reviewed-by: Michael R. Hines <address@hidden>
Signed-off-by: Isaku Yamahata <address@hidden>
Signed-off-by: Michael R. Hines <address@hidden>
---
migration-rdma.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/migration-rdma.c b/migration-rdma.c
index 3a380d4..6721266 100644
--- a/migration-rdma.c
+++ b/migration-rdma.c
@@ -3045,10 +3045,6 @@ static int qemu_rdma_registration_stop(QEMUFile *f, void
*opaque,
return ret;
}
- qemu_rdma_move_header(rdma, reg_result_idx, &resp);
- memcpy(rdma->block,
- rdma->wr_data[reg_result_idx].control_curr, resp.len);
-
nb_remote_blocks = resp.len / sizeof(RDMARemoteBlock);
/*
@@ -3070,6 +3066,9 @@ static int qemu_rdma_registration_stop(QEMUFile *f, void
*opaque,
return -EINVAL;
}
+ qemu_rdma_move_header(rdma, reg_result_idx, &resp);
+ memcpy(rdma->block,
+ rdma->wr_data[reg_result_idx].control_curr, resp.len);
for (i = 0; i < nb_remote_blocks; i++) {
network_to_remote_block(&rdma->block[i]);
--
1.7.10.4
- [Qemu-devel] [PATCH v2 for-1.6 0/6] rdma: uh oh! IPv6 broken in linux - need workaround, mrhines, 2013/08/09
- [Qemu-devel] [PATCH v2 for-1.6 3/6] rdma: check if RDMAControlHeader::len match transferred byte, mrhines, 2013/08/09
- [Qemu-devel] [PATCH v2 for-1.6 5/6] rdma: IPv6 over Ethernet (RoCE) is broken in linux - workaround, mrhines, 2013/08/09
- [Qemu-devel] [PATCH v2 for-1.6 2/6] rdma: validate RDMAControlHeader::len, mrhines, 2013/08/09
- [Qemu-devel] [PATCH v2 for-1.6 1/6] rdma: use resp.len after validation in qemu_rdma_registration_stop,
mrhines <=
- Re: [Qemu-devel] [PATCH v2 for-1.6 0/6] rdma: uh oh! IPv6 broken in linux - need workaround, Anthony Liguori, 2013/08/14