qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] 9pfs/proxy: Check return value of proxy_marshal()
@ 2021-01-11  9:49 Greg Kurz
  2021-01-11 13:15 ` Christian Schoenebeck via
  2021-01-21 17:04 ` Greg Kurz
  0 siblings, 2 replies; 4+ messages in thread
From: Greg Kurz @ 2021-01-11  9:49 UTC (permalink / raw)
  To: qemu-devel; +Cc: Peter Maydell, Christian Schoenebeck, Greg Kurz

This should always successfully write exactly two 32-bit integers.
Make it clear with an assert(), like v9fs_receive_status() and
v9fs_receive_response() already do when unmarshalling the same
header.

Fixes: Coverity CID 1438968
Signed-off-by: Greg Kurz <groug@kaod.org>
---
 hw/9pfs/9p-proxy.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/9pfs/9p-proxy.c b/hw/9pfs/9p-proxy.c
index 6f598a0f111c..4aa4e0a3baa0 100644
--- a/hw/9pfs/9p-proxy.c
+++ b/hw/9pfs/9p-proxy.c
@@ -537,7 +537,8 @@ static int v9fs_request(V9fsProxy *proxy, int type, void *response, ...)
     }
 
     /* marshal the header details */
-    proxy_marshal(iovec, 0, "dd", header.type, header.size);
+    retval = proxy_marshal(iovec, 0, "dd", header.type, header.size);
+    assert(retval == 4 * 2);
     header.size += PROXY_HDR_SZ;
 
     retval = qemu_write_full(proxy->sockfd, iovec->iov_base, header.size);




^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH] 9pfs/proxy: Check return value of proxy_marshal()
  2021-01-11  9:49 [PATCH] 9pfs/proxy: Check return value of proxy_marshal() Greg Kurz
@ 2021-01-11 13:15 ` Christian Schoenebeck via
  2021-01-14 14:32   ` Greg Kurz
  2021-01-21 17:04 ` Greg Kurz
  1 sibling, 1 reply; 4+ messages in thread
From: Christian Schoenebeck via @ 2021-01-11 13:15 UTC (permalink / raw)
  To: qemu-devel; +Cc: Peter Maydell, Greg Kurz

On Montag, 11. Januar 2021 10:49:56 CET Greg Kurz wrote:
> This should always successfully write exactly two 32-bit integers.
> Make it clear with an assert(), like v9fs_receive_status() and
> v9fs_receive_response() already do when unmarshalling the same
> header.
> 
> Fixes: Coverity CID 1438968
> Signed-off-by: Greg Kurz <groug@kaod.org>

Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>

What's your workload Greg, are you able to push this through your queue?

It's time that I signup for coverity. I'm doing that now before I forget it  
again.

> ---
>  hw/9pfs/9p-proxy.c |    3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/9pfs/9p-proxy.c b/hw/9pfs/9p-proxy.c
> index 6f598a0f111c..4aa4e0a3baa0 100644
> --- a/hw/9pfs/9p-proxy.c
> +++ b/hw/9pfs/9p-proxy.c
> @@ -537,7 +537,8 @@ static int v9fs_request(V9fsProxy *proxy, int type, void
> *response, ...) }
> 
>      /* marshal the header details */
> -    proxy_marshal(iovec, 0, "dd", header.type, header.size);
> +    retval = proxy_marshal(iovec, 0, "dd", header.type, header.size);
> +    assert(retval == 4 * 2);
>      header.size += PROXY_HDR_SZ;
> 
>      retval = qemu_write_full(proxy->sockfd, iovec->iov_base, header.size);

Best regards,
Christian Schoenebeck




^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH] 9pfs/proxy: Check return value of proxy_marshal()
  2021-01-11 13:15 ` Christian Schoenebeck via
@ 2021-01-14 14:32   ` Greg Kurz
  0 siblings, 0 replies; 4+ messages in thread
From: Greg Kurz @ 2021-01-14 14:32 UTC (permalink / raw)
  To: Christian Schoenebeck; +Cc: Peter Maydell, qemu-devel

On Mon, 11 Jan 2021 14:15:17 +0100
Christian Schoenebeck <qemu_oss@crudebyte.com> wrote:

> On Montag, 11. Januar 2021 10:49:56 CET Greg Kurz wrote:
> > This should always successfully write exactly two 32-bit integers.
> > Make it clear with an assert(), like v9fs_receive_status() and
> > v9fs_receive_response() already do when unmarshalling the same
> > header.
> > 
> > Fixes: Coverity CID 1438968
> > Signed-off-by: Greg Kurz <groug@kaod.org>
> 
> Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
> 
> What's your workload Greg, are you able to push this through your queue?
> 

I'll take care of the security issue first, likely later today or tomorrow.
It is generally recommended to have separate PRs for CVEs, in order to
ease the backport effort of downstream vendors.

No hurry for this patch though. It isn't even a bug fix : we really can't
get an error at this point since previous calls to proxy_marshal() in this
function obviously succeeded at writing stuff at higher offsets... So this
is really a cosmetic only change to make Coverity happy.

I might be able to send a PR with this next week or the week after I guess.

> It's time that I signup for coverity. I'm doing that now before I forget it  
> again.
> 
> > ---
> >  hw/9pfs/9p-proxy.c |    3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> > 
> > diff --git a/hw/9pfs/9p-proxy.c b/hw/9pfs/9p-proxy.c
> > index 6f598a0f111c..4aa4e0a3baa0 100644
> > --- a/hw/9pfs/9p-proxy.c
> > +++ b/hw/9pfs/9p-proxy.c
> > @@ -537,7 +537,8 @@ static int v9fs_request(V9fsProxy *proxy, int type, void
> > *response, ...) }
> > 
> >      /* marshal the header details */
> > -    proxy_marshal(iovec, 0, "dd", header.type, header.size);
> > +    retval = proxy_marshal(iovec, 0, "dd", header.type, header.size);
> > +    assert(retval == 4 * 2);
> >      header.size += PROXY_HDR_SZ;
> > 
> >      retval = qemu_write_full(proxy->sockfd, iovec->iov_base, header.size);
> 
> Best regards,
> Christian Schoenebeck
> 
> 



^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [PATCH] 9pfs/proxy: Check return value of proxy_marshal()
  2021-01-11  9:49 [PATCH] 9pfs/proxy: Check return value of proxy_marshal() Greg Kurz
  2021-01-11 13:15 ` Christian Schoenebeck via
@ 2021-01-21 17:04 ` Greg Kurz
  1 sibling, 0 replies; 4+ messages in thread
From: Greg Kurz @ 2021-01-21 17:04 UTC (permalink / raw)
  To: qemu-devel; +Cc: Peter Maydell, Christian Schoenebeck

On Mon, 11 Jan 2021 10:49:56 +0100
Greg Kurz <groug@kaod.org> wrote:

> This should always successfully write exactly two 32-bit integers.
> Make it clear with an assert(), like v9fs_receive_status() and
> v9fs_receive_response() already do when unmarshalling the same
> header.
> 
> Fixes: Coverity CID 1438968
> Signed-off-by: Greg Kurz <groug@kaod.org>
> ---

Applied to https://gitlab.com/gkurz/qemu/-/tree/9p-next

>  hw/9pfs/9p-proxy.c |    3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/9pfs/9p-proxy.c b/hw/9pfs/9p-proxy.c
> index 6f598a0f111c..4aa4e0a3baa0 100644
> --- a/hw/9pfs/9p-proxy.c
> +++ b/hw/9pfs/9p-proxy.c
> @@ -537,7 +537,8 @@ static int v9fs_request(V9fsProxy *proxy, int type, void *response, ...)
>      }
>  
>      /* marshal the header details */
> -    proxy_marshal(iovec, 0, "dd", header.type, header.size);
> +    retval = proxy_marshal(iovec, 0, "dd", header.type, header.size);
> +    assert(retval == 4 * 2);
>      header.size += PROXY_HDR_SZ;
>  
>      retval = qemu_write_full(proxy->sockfd, iovec->iov_base, header.size);
> 
> 



^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-01-21 17:22 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-11  9:49 [PATCH] 9pfs/proxy: Check return value of proxy_marshal() Greg Kurz
2021-01-11 13:15 ` Christian Schoenebeck via
2021-01-14 14:32   ` Greg Kurz
2021-01-21 17:04 ` Greg Kurz

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).