[PATCH v2 8/8] io/channel-socket: qio_channel_socket

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v2 8/8] io/channel-socket: qio_channel_socket_flush(): improve ms

From:	Vladimir Sementsov-Ogievskiy
Subject:	[PATCH v2 8/8] io/channel-socket: qio_channel_socket_flush(): improve msg validation
Date:	Tue, 26 Sep 2023 23:15:32 +0300

For SO_EE_ORIGIN_ZEROCOPY the 32-bit notification range is encoded
as [ee_info, ee_data] inclusively, so ee_info should be less or
equal to ee_data.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
---
 io/channel-socket.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/io/channel-socket.c b/io/channel-socket.c
index 02ffb51e99..3a899b0608 100644
--- a/io/channel-socket.c
+++ b/io/channel-socket.c
@@ -782,6 +782,11 @@ static int qio_channel_socket_flush(QIOChannel *ioc,
                              "Error not from zero copy");
             return -1;
         }
+        if (serr->ee_data < serr->ee_info) {
+            error_setg_errno(errp, serr->ee_origin,
+                             "Wrong notification bounds");
+            return -1;
+        }
 
         /* No errors, count successfully finished sendmsg()*/
         sioc->zero_copy_sent += serr->ee_data - serr->ee_info + 1;
-- 
2.34.1

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v2 2/8] util/filemonitor-inotify: qemu_file_monitor_watch(): assert no overflow, (continued)
- [PATCH v2 2/8] util/filemonitor-inotify: qemu_file_monitor_watch(): assert no overflow, Vladimir Sementsov-Ogievskiy, 2023/09/26
  - Re: [PATCH v2 2/8] util/filemonitor-inotify: qemu_file_monitor_watch(): assert no overflow, Peter Maydell, 2023/09/26
- [PATCH v2 4/8] mc146818rtc: rtc_set_time(): initialize tm to zeroes, Vladimir Sementsov-Ogievskiy, 2023/09/26
  - Re: [PATCH v2 4/8] mc146818rtc: rtc_set_time(): initialize tm to zeroes, Peter Maydell, 2023/09/26
- [PATCH v2 6/8] block/nvme: nvme_process_completion() fix bound for cid, Vladimir Sementsov-Ogievskiy, 2023/09/26
  - Re: [PATCH v2 6/8] block/nvme: nvme_process_completion() fix bound for cid, Stefan Hajnoczi, 2023/09/26
- [PATCH v2 1/8] hw/i386/intel_iommu: vtd_slpte_nonzero_rsvd(): assert no overflow, Vladimir Sementsov-Ogievskiy, 2023/09/26
  - Re: [PATCH v2 1/8] hw/i386/intel_iommu: vtd_slpte_nonzero_rsvd(): assert no overflow, Peter Maydell, 2023/09/26
- [PATCH v2 5/8] pcie_sriov: unregister_vfs(): fix error path, Vladimir Sementsov-Ogievskiy, 2023/09/26
  - Re: [PATCH v2 5/8] pcie_sriov: unregister_vfs(): fix error path, Vladimir Sementsov-Ogievskiy, 2023/09/26
- [PATCH v2 8/8] io/channel-socket: qio_channel_socket_flush(): improve msg validation, Vladimir Sementsov-Ogievskiy <=
- [PATCH v2 7/8] hw/core/loader: gunzip(): initialize z_stream, Vladimir Sementsov-Ogievskiy, 2023/09/26
  - Re: [PATCH v2 7/8] hw/core/loader: gunzip(): initialize z_stream, Peter Maydell, 2023/09/26
- [PATCH v2 3/8] libvhost-user.c: add assertion to vu_message_read_default, Vladimir Sementsov-Ogievskiy, 2023/09/26
- Re: [PATCH v2 0/8] coverity fixes, Maksim Davydov, 2023/09/27

Prev by Date: [PATCH v2 5/8] pcie_sriov: unregister_vfs(): fix error path
Next by Date: [PATCH v2 7/8] hw/core/loader: gunzip(): initialize z_stream
Previous by thread: Re: [PATCH v2 5/8] pcie_sriov: unregister_vfs(): fix error path
Next by thread: [PATCH v2 7/8] hw/core/loader: gunzip(): initialize z_stream
Index(es):
- Date
- Thread