* [PATCH v1] libvhost-user: fix VHOST_USER_REM_MEM_REG skipping mmap_addr
From: David Hildenbrand @ 2021-10-11 20:10 UTC (permalink / raw)
To: qemu-devel
Cc: Michael S . Tsirkin, David Hildenbrand, qemu-stable, Coiby Xu,
Raphael Norwitz, Stefan Hajnoczi, Paolo Bonzini,
Marc-André Lureau
We end up not copying the mmap_addr of all existing regions, resulting
in a SEGFAULT once we actually try to map/access anything within our
memory regions.
Fixes: 875b9fd97b34 ("Support individual region unmap in libvhost-user")
Cc: qemu-stable@nongnu.org
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Raphael Norwitz <raphael.norwitz@nutanix.com>
Cc: "Marc-André Lureau" <marcandre.lureau@redhat.com>
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Coiby Xu <coiby.xu@gmail.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
---
subprojects/libvhost-user/libvhost-user.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/subprojects/libvhost-user/libvhost-user.c b/subprojects/libvhost-user/libvhost-user.c
index bf09693255..787f4d2d4f 100644
--- a/subprojects/libvhost-user/libvhost-user.c
+++ b/subprojects/libvhost-user/libvhost-user.c
@@ -816,6 +816,7 @@ vu_rem_mem_reg(VuDev *dev, VhostUserMsg *vmsg) {
shadow_regions[j].gpa = dev->regions[i].gpa;
shadow_regions[j].size = dev->regions[i].size;
shadow_regions[j].qva = dev->regions[i].qva;
+ shadow_regions[j].mmap_addr = dev->regions[i].mmap_addr;
shadow_regions[j].mmap_offset = dev->regions[i].mmap_offset;
j++;
} else {
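Review bot: the member-by-member copy into shadow_regions[j] in this hunk is what let mmap_addr be missed, and it will drop any member added to the region struct later in the same silent way. If shadow_regions[] and dev->regions[] share an element type, a single struct assignment, `shadow_regions[j] = dev->regions[i];`, copies every member and removes that class of bug. Separately, `j++` is reached with no bound on j visible in this hunk; a check against the size of shadow_regions[] before the copy would be worth adding while this loop is being touched.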
--
2.31.1
* Re: [PATCH v1] libvhost-user: fix VHOST_USER_REM_MEM_REG skipping mmap_addr
From: Raphael Norwitz @ 2021-10-13 6:05 UTC (permalink / raw)
To: David Hildenbrand
Cc: Michael S . Tsirkin, qemu-stable, qemu-devel, Coiby Xu,
Raphael Norwitz, Stefan Hajnoczi, Paolo Bonzini,
Marc-André Lureau
On Mon, Oct 11, 2021 at 10:10:47PM +0200, David Hildenbrand wrote:
> We end up not copying the mmap_addr of all existing regions, resulting
> in a SEGFAULT once we actually try to map/access anything within our
> memory regions.
>
> Fixes: 875b9fd97b34 ("Support individual region unmap in libvhost-user")
> Cc: qemu-stable@nongnu.org
> Cc: Michael S. Tsirkin <mst@redhat.com>
> Cc: Raphael Norwitz <raphael.norwitz@nutanix.com>
> Cc: "Marc-André Lureau" <marcandre.lureau@redhat.com>
> Cc: Stefan Hajnoczi <stefanha@redhat.com>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Cc: Coiby Xu <coiby.xu@gmail.com>
> Signed-off-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
> ---
> subprojects/libvhost-user/libvhost-user.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/subprojects/libvhost-user/libvhost-user.c b/subprojects/libvhost-user/libvhost-user.c
> index bf09693255..787f4d2d4f 100644
> --- a/subprojects/libvhost-user/libvhost-user.c
> +++ b/subprojects/libvhost-user/libvhost-user.c
> @@ -816,6 +816,7 @@ vu_rem_mem_reg(VuDev *dev, VhostUserMsg *vmsg) {
> shadow_regions[j].gpa = dev->regions[i].gpa;
> shadow_regions[j].size = dev->regions[i].size;
> shadow_regions[j].qva = dev->regions[i].qva;
> + shadow_regions[j].mmap_addr = dev->regions[i].mmap_addr;
> shadow_regions[j].mmap_offset = dev->regions[i].mmap_offset;
> j++;
> } else {
> --
> 2.31.1
>
* Re: [PATCH v1] libvhost-user: fix VHOST_USER_REM_MEM_REG skipping mmap_addr
From: Stefan Hajnoczi @ 2021-10-13 9:40 UTC (permalink / raw)
To: Raphael Norwitz
Cc: Michael S . Tsirkin, David Hildenbrand, qemu-devel, Coiby Xu,
qemu-stable, Paolo Bonzini, Marc-André Lureau
On Mon, Oct 11, 2021 at 10:10:47PM +0200, David Hildenbrand wrote:
> We end up not copying the mmap_addr of all existing regions, resulting
> in a SEGFAULT once we actually try to map/access anything within our
> memory regions.
>
> Fixes: 875b9fd97b34 ("Support individual region unmap in libvhost-user")
> Cc: qemu-stable@nongnu.org
> Cc: Michael S. Tsirkin <mst@redhat.com>
> Cc: Raphael Norwitz <raphael.norwitz@nutanix.com>
> Cc: "Marc-André Lureau" <marcandre.lureau@redhat.com>
> Cc: Stefan Hajnoczi <stefanha@redhat.com>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Cc: Coiby Xu <coiby.xu@gmail.com>
> Signed-off-by: David Hildenbrand <david@redhat.com>
> ---
> subprojects/libvhost-user/libvhost-user.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/subprojects/libvhost-user/libvhost-user.c b/subprojects/libvhost-user/libvhost-user.c
> index bf09693255..787f4d2d4f 100644
> --- a/subprojects/libvhost-user/libvhost-user.c
> +++ b/subprojects/libvhost-user/libvhost-user.c
> @@ -816,6 +816,7 @@ vu_rem_mem_reg(VuDev *dev, VhostUserMsg *vmsg) {
> shadow_regions[j].gpa = dev->regions[i].gpa;
> shadow_regions[j].size = dev->regions[i].size;
> shadow_regions[j].qva = dev->regions[i].qva;
> + shadow_regions[j].mmap_addr = dev->regions[i].mmap_addr;
> shadow_regions[j].mmap_offset = dev->regions[i].mmap_offset;
> j++;
> } else {
Raphael: Some questions about vu_rem_mem_reg():
- What ensures that shadow_regions[VHOST_USER_MAX_RAM_SLOTS] is large
enough? The add_mem_reg/set_mem_table code doesn't seem to check
whether there is enough space in dev->regions[] before adding regions.
- What happens when the master populated dev->regions[] with multiple
copies of the same region? dev->nregions is only decremented once and
no longer accurately reflects the number of elements in
dev->regions[].
libvhost-user must not trust the vhost-user master since vhost-user
needs to provide process isolation. Please add input validation.
Stefan
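The two checks requested in the message above (a capacity check before adding a region, and removal that stays consistent when the table holds duplicate entries), shown as an added example that is not libvhost-user code and not part of this thread. `Region`, `RegionTable`, `MAX_SLOTS`, `table_add` and `table_remove` are hypothetical names; only the five field names come from the patch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_SLOTS 8 /* assumed capacity, standing in for VHOST_USER_MAX_RAM_SLOTS */

/* Hypothetical region record with the five fields copied in the patch. */
typedef struct {
    uint64_t gpa, size, qva, mmap_offset, mmap_addr;
} Region;

typedef struct {
    uint32_t nregions;
    Region regions[MAX_SLOTS];
} RegionTable;

/* Add a region named by the untrusted peer: 0 on success, -1 if rejected. */
int table_add(RegionTable *t, const Region *r)
{
    if (t->nregions >= MAX_SLOTS || r->size == 0 || r->gpa + r->size < r->gpa) {
        return -1;                      /* table full, empty range, or wrap */
    }
    for (uint32_t i = 0; i < t->nregions; i++) {
        const Region *e = &t->regions[i];
        if (r->gpa < e->gpa + e->size && e->gpa < r->gpa + r->size) {
            return -1;                  /* overlap, including exact duplicates */
        }
    }
    t->regions[t->nregions++] = *r;     /* struct copy carries mmap_addr too */
    return 0;
}

/* Remove every entry matching gpa/size/qva; returns the number removed. */
int table_remove(RegionTable *t, uint64_t gpa, uint64_t size, uint64_t qva)
{
    Region shadow[MAX_SLOTS];
    uint32_t kept = 0;
    int removed = 0;

    for (uint32_t i = 0; i < t->nregions && i < MAX_SLOTS; i++) {
        const Region *e = &t->regions[i];
        if (e->gpa == gpa && e->size == size && e->qva == qva) {
            removed++;                  /* real code would munmap() here */
        } else {
            shadow[kept++] = *e;        /* kept <= i < MAX_SLOTS */
        }
    }
    memcpy(t->regions, shadow, kept * sizeof(Region));
    t->nregions = kept;                 /* count matches the entries kept */
    return removed;
}

int main(void)
{
    RegionTable t = {0};
    Region a = {0x1000, 0x1000, 0x7f0000001000ULL, 0, 0x7f0000000000ULL}; /* constructed */
    int first = table_add(&t, &a);
    int again = table_add(&t, &a);
    int removed = table_remove(&t, a.gpa, a.size, a.qva);
    printf("add=%d duplicate=%d removed=%d left=%u\n", first, again, removed,
           (unsigned)t.nregions);
    return 0;
}
```

Setting `nregions` from the number of entries actually kept, rather than decrementing it once, is what keeps the count accurate even if duplicates reached the table by another path.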
* Re: [PATCH v1] libvhost-user: fix VHOST_USER_REM_MEM_REG skipping mmap_addr
From: Stefan Hajnoczi @ 2021-10-13 9:41 UTC (permalink / raw)
To: David Hildenbrand
Cc: Michael S . Tsirkin, qemu-stable, qemu-devel, Coiby Xu,
Raphael Norwitz, Paolo Bonzini, Marc-André Lureau
On Mon, Oct 11, 2021 at 10:10:47PM +0200, David Hildenbrand wrote:
> We end up not copying the mmap_addr of all existing regions, resulting
> in a SEGFAULT once we actually try to map/access anything within our
> memory regions.
>
> Fixes: 875b9fd97b34 ("Support individual region unmap in libvhost-user")
> Cc: qemu-stable@nongnu.org
> Cc: Michael S. Tsirkin <mst@redhat.com>
> Cc: Raphael Norwitz <raphael.norwitz@nutanix.com>
> Cc: "Marc-André Lureau" <marcandre.lureau@redhat.com>
> Cc: Stefan Hajnoczi <stefanha@redhat.com>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Cc: Coiby Xu <coiby.xu@gmail.com>
> Signed-off-by: David Hildenbrand <david@redhat.com>
> ---
> subprojects/libvhost-user/libvhost-user.c | 1 +
> 1 file changed, 1 insertion(+)
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
* Re: [PATCH v1] libvhost-user: fix VHOST_USER_REM_MEM_REG skipping mmap_addr
From: Raphael Norwitz @ 2021-10-14 4:52 UTC (permalink / raw)
To: Stefan Hajnoczi
Cc: Michael S . Tsirkin, David Hildenbrand, qemu-stable, Coiby Xu,
qemu-devel, Paolo Bonzini, Marc-André Lureau,
Raphael Norwitz
On Wed, Oct 13, 2021 at 10:40:46AM +0100, Stefan Hajnoczi wrote:
> On Mon, Oct 11, 2021 at 10:10:47PM +0200, David Hildenbrand wrote:
> > We end up not copying the mmap_addr of all existing regions, resulting
> > in a SEGFAULT once we actually try to map/access anything within our
> > memory regions.
> >
> > Fixes: 875b9fd97b34 ("Support individual region unmap in libvhost-user")
> > Cc: qemu-stable@nongnu.org
> > Cc: Michael S. Tsirkin <mst@redhat.com>
> > Cc: Raphael Norwitz <raphael.norwitz@nutanix.com>
> > Cc: "Marc-André Lureau" <marcandre.lureau@redhat.com>
> > Cc: Stefan Hajnoczi <stefanha@redhat.com>
> > Cc: Paolo Bonzini <pbonzini@redhat.com>
> > Cc: Coiby Xu <coiby.xu@gmail.com>
> > Signed-off-by: David Hildenbrand <david@redhat.com>
> > ---
> > subprojects/libvhost-user/libvhost-user.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/subprojects/libvhost-user/libvhost-user.c b/subprojects/libvhost-user/libvhost-user.c
> > index bf09693255..787f4d2d4f 100644
> > --- a/subprojects/libvhost-user/libvhost-user.c
> > +++ b/subprojects/libvhost-user/libvhost-user.c
> > @@ -816,6 +816,7 @@ vu_rem_mem_reg(VuDev *dev, VhostUserMsg *vmsg) {
> > shadow_regions[j].gpa = dev->regions[i].gpa;
> > shadow_regions[j].size = dev->regions[i].size;
> > shadow_regions[j].qva = dev->regions[i].qva;
> > + shadow_regions[j].mmap_addr = dev->regions[i].mmap_addr;
> > shadow_regions[j].mmap_offset = dev->regions[i].mmap_offset;
> > j++;
> > } else {
>
> Raphael: Some questions about vu_rem_mem_reg():
>
> - What ensures that shadow_regions[VHOST_USER_MAX_RAM_SLOTS] is large
> enough? The add_mem_reg/set_mem_table code doesn't seem to check
> whether there is enough space in dev->regions[] before adding regions.
>
Correct - it does not check if there is enough space as is. I can add that.
> - What happens when the master populated dev->regions[] with multiple
> copies of the same region? dev->nregions is only decremented once and
> no longer accurately reflects the number of elements in
> dev->regions[].
That case is also not accounted for. I will add it.
>
> libvhost-user must not trust the vhost-user master since vhost-user
> needs to provide process isolation. Please add input validation.
>
Got it - let me start working on a series.
> Stefan
* Re: [PATCH v1] libvhost-user: fix VHOST_USER_REM_MEM_REG skipping mmap_addr
From: Stefan Hajnoczi @ 2021-10-14 9:34 UTC (permalink / raw)
To: Raphael Norwitz
Cc: Michael S . Tsirkin, David Hildenbrand, qemu-devel, Coiby Xu,
qemu-stable, Paolo Bonzini, Marc-André Lureau
On Thu, Oct 14, 2021 at 04:52:48AM +0000, Raphael Norwitz wrote:
> On Wed, Oct 13, 2021 at 10:40:46AM +0100, Stefan Hajnoczi wrote:
> > On Mon, Oct 11, 2021 at 10:10:47PM +0200, David Hildenbrand wrote:
> > > We end up not copying the mmap_addr of all existing regions, resulting
> > > in a SEGFAULT once we actually try to map/access anything within our
> > > memory regions.
> > >
> > > Fixes: 875b9fd97b34 ("Support individual region unmap in libvhost-user")
> > > Cc: qemu-stable@nongnu.org
> > > Cc: Michael S. Tsirkin <mst@redhat.com>
> > > Cc: Raphael Norwitz <raphael.norwitz@nutanix.com>
> > > Cc: "Marc-André Lureau" <marcandre.lureau@redhat.com>
> > > Cc: Stefan Hajnoczi <stefanha@redhat.com>
> > > Cc: Paolo Bonzini <pbonzini@redhat.com>
> > > Cc: Coiby Xu <coiby.xu@gmail.com>
> > > Signed-off-by: David Hildenbrand <david@redhat.com>
> > > ---
> > > subprojects/libvhost-user/libvhost-user.c | 1 +
> > > 1 file changed, 1 insertion(+)
> > >
> > > diff --git a/subprojects/libvhost-user/libvhost-user.c b/subprojects/libvhost-user/libvhost-user.c
> > > index bf09693255..787f4d2d4f 100644
> > > --- a/subprojects/libvhost-user/libvhost-user.c
> > > +++ b/subprojects/libvhost-user/libvhost-user.c
> > > @@ -816,6 +816,7 @@ vu_rem_mem_reg(VuDev *dev, VhostUserMsg *vmsg) {
> > > shadow_regions[j].gpa = dev->regions[i].gpa;
> > > shadow_regions[j].size = dev->regions[i].size;
> > > shadow_regions[j].qva = dev->regions[i].qva;
> > > + shadow_regions[j].mmap_addr = dev->regions[i].mmap_addr;
> > > shadow_regions[j].mmap_offset = dev->regions[i].mmap_offset;
> > > j++;
> > > } else {
> >
> > Raphael: Some questions about vu_rem_mem_reg():
> >
> > - What ensures that shadow_regions[VHOST_USER_MAX_RAM_SLOTS] is large
> > enough? The add_mem_reg/set_mem_table code doesn't seem to check
> > whether there is enough space in dev->regions[] before adding regions.
> >
>
> Correct - it does not check if there is enough space as is. I can add that.
>
> > - What happens when the master populated dev->regions[] with multiple
> > copies of the same region? dev->nregions is only decremented once and
> > no longer accurately reflects the number of elements in
> > dev->regions[].
>
> That case is also not accounted for. I will add it.
>
> >
> > libvhost-user must not trust the vhost-user master since vhost-user
> > needs to provide process isolation. Please add input validation.
> >
>
> Got it - let me start working on a series.
Great, thank you!
Stefan
* Re: [PATCH v1] libvhost-user: fix VHOST_USER_REM_MEM_REG skipping mmap_addr
From: Michael S. Tsirkin @ 2021-10-18 13:49 UTC (permalink / raw)
To: Raphael Norwitz
Cc: David Hildenbrand, qemu-devel, Coiby Xu, qemu-stable,
Stefan Hajnoczi, Paolo Bonzini, Marc-André Lureau
On Thu, Oct 14, 2021 at 04:52:48AM +0000, Raphael Norwitz wrote:
> On Wed, Oct 13, 2021 at 10:40:46AM +0100, Stefan Hajnoczi wrote:
> > On Mon, Oct 11, 2021 at 10:10:47PM +0200, David Hildenbrand wrote:
> > > We end up not copying the mmap_addr of all existing regions, resulting
> > > in a SEGFAULT once we actually try to map/access anything within our
> > > memory regions.
> > >
> > > Fixes: 875b9fd97b34 ("Support individual region unmap in libvhost-user")
> > > Cc: qemu-stable@nongnu.org
> > > Cc: Michael S. Tsirkin <mst@redhat.com>
> > > Cc: Raphael Norwitz <raphael.norwitz@nutanix.com>
> > > Cc: "Marc-André Lureau" <marcandre.lureau@redhat.com>
> > > Cc: Stefan Hajnoczi <stefanha@redhat.com>
> > > Cc: Paolo Bonzini <pbonzini@redhat.com>
> > > Cc: Coiby Xu <coiby.xu@gmail.com>
> > > Signed-off-by: David Hildenbrand <david@redhat.com>
> > > ---
> > > subprojects/libvhost-user/libvhost-user.c | 1 +
> > > 1 file changed, 1 insertion(+)
> > >
> > > diff --git a/subprojects/libvhost-user/libvhost-user.c b/subprojects/libvhost-user/libvhost-user.c
> > > index bf09693255..787f4d2d4f 100644
> > > --- a/subprojects/libvhost-user/libvhost-user.c
> > > +++ b/subprojects/libvhost-user/libvhost-user.c
> > > @@ -816,6 +816,7 @@ vu_rem_mem_reg(VuDev *dev, VhostUserMsg *vmsg) {
> > > shadow_regions[j].gpa = dev->regions[i].gpa;
> > > shadow_regions[j].size = dev->regions[i].size;
> > > shadow_regions[j].qva = dev->regions[i].qva;
> > > + shadow_regions[j].mmap_addr = dev->regions[i].mmap_addr;
> > > shadow_regions[j].mmap_offset = dev->regions[i].mmap_offset;
> > > j++;
> > > } else {
> >
> > Raphael: Some questions about vu_rem_mem_reg():
> >
> > - What ensures that shadow_regions[VHOST_USER_MAX_RAM_SLOTS] is large
> > enough? The add_mem_reg/set_mem_table code doesn't seem to check
> > whether there is enough space in dev->regions[] before adding regions.
> >
>
> Correct - it does not check if there is enough space as is. I can add that.
Just making sure - you are now working on a series superseding this patch?
Is that right?
> > - What happens when the master populated dev->regions[] with multiple
> > copies of the same region? dev->nregions is only decremented once and
> > no longer accurately reflects the number of elements in
> > dev->regions[].
>
> That case is also not accounted for. I will add it.
>
> >
> > libvhost-user must not trust the vhost-user master since vhost-user
> > needs to provide process isolation. Please add input validation.
> >
>
> Got it - let me start working on a series.
>
> > Stefan
* Re: [PATCH v1] libvhost-user: fix VHOST_USER_REM_MEM_REG skipping mmap_addr
From: Raphael Norwitz @ 2021-10-18 14:33 UTC (permalink / raw)
To: Michael S. Tsirkin
Cc: David Hildenbrand, qemu-stable, Coiby Xu, qemu-devel,
Stefan Hajnoczi, Paolo Bonzini, Marc-André Lureau,
Raphael Norwitz
On Mon, Oct 18, 2021 at 09:49:53AM -0400, Michael S. Tsirkin wrote:
> On Thu, Oct 14, 2021 at 04:52:48AM +0000, Raphael Norwitz wrote:
> > On Wed, Oct 13, 2021 at 10:40:46AM +0100, Stefan Hajnoczi wrote:
> > > On Mon, Oct 11, 2021 at 10:10:47PM +0200, David Hildenbrand wrote:
> > > > We end up not copying the mmap_addr of all existing regions, resulting
> > > > in a SEGFAULT once we actually try to map/access anything within our
> > > > memory regions.
> > > >
> > > > Fixes: 875b9fd97b34 ("Support individual region unmap in libvhost-user")
> > > > Cc: qemu-stable@nongnu.org
> > > > Cc: Michael S. Tsirkin <mst@redhat.com>
> > > > Cc: Raphael Norwitz <raphael.norwitz@nutanix.com>
> > > > Cc: "Marc-André Lureau" <marcandre.lureau@redhat.com>
> > > > Cc: Stefan Hajnoczi <stefanha@redhat.com>
> > > > Cc: Paolo Bonzini <pbonzini@redhat.com>
> > > > Cc: Coiby Xu <coiby.xu@gmail.com>
> > > > Signed-off-by: David Hildenbrand <david@redhat.com>
> > > > ---
> > > > subprojects/libvhost-user/libvhost-user.c | 1 +
> > > > 1 file changed, 1 insertion(+)
> > > >
> > > > diff --git a/subprojects/libvhost-user/libvhost-user.c b/subprojects/libvhost-user/libvhost-user.c
> > > > index bf09693255..787f4d2d4f 100644
> > > > --- a/subprojects/libvhost-user/libvhost-user.c
> > > > +++ b/subprojects/libvhost-user/libvhost-user.c
> > > > @@ -816,6 +816,7 @@ vu_rem_mem_reg(VuDev *dev, VhostUserMsg *vmsg) {
> > > > shadow_regions[j].gpa = dev->regions[i].gpa;
> > > > shadow_regions[j].size = dev->regions[i].size;
> > > > shadow_regions[j].qva = dev->regions[i].qva;
> > > > + shadow_regions[j].mmap_addr = dev->regions[i].mmap_addr;
> > > > shadow_regions[j].mmap_offset = dev->regions[i].mmap_offset;
> > > > j++;
> > > > } else {
> > >
> > > Raphael: Some questions about vu_rem_mem_reg():
> > >
> > > - What ensures that shadow_regions[VHOST_USER_MAX_RAM_SLOTS] is large
> > > enough? The add_mem_reg/set_mem_table code doesn't seem to check
> > > whether there is enough space in dev->regions[] before adding regions.
> > >
> >
> > Correct - it does not check if there is enough space as is. I can add that.
>
>
> Just making sure - you are now working on a series superseding this patch?
> Is that right?
I was just going to fix the missing input validation. This looks like a
standalone issue and in my opinion the fix should go in as is. I will
base my changes on top of it.
>
> > > - What happens when the master populated dev->regions[] with multiple
> > > copies of the same region? dev->nregions is only decremented once and
> > > no longer accurately reflects the number of elements in
> > > dev->regions[].
> >
> > That case is also not accounted for. I will add it.
> >
> > >
> > > libvhost-user must not trust the vhost-user master since vhost-user
> > > needs to provide process isolation. Please add input validation.
> > >
> >
> > Got it - let me start working on a series.
> >
> > > Stefan
>