* [PATCH] virtio_console: Assure used length from device is limited
@ 2021-05-25 4:53 Xie Yongji
2021-05-25 6:23 ` Jason Wang
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Xie Yongji @ 2021-05-25 4:53 UTC (permalink / raw)
To: amit, mst, jasowang; +Cc: virtualization, linux-kernel
The buf->len might come from an untrusted device. This
ensures the value would not exceed the size of the buffer
to avoid data corruption or loss.
Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
---
drivers/char/virtio_console.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c
index 1c40ca6d76ba..598863e6daf8 100644
--- a/drivers/char/virtio_console.c
+++ b/drivers/char/virtio_console.c
@@ -475,7 +475,7 @@ static struct port_buffer *get_inbuf(struct port *port)
buf = virtqueue_get_buf(port->in_vq, &len);
if (buf) {
- buf->len = len;
+ buf->len = min(len, buf->size);
buf->offset = 0;
port->stats.bytes_received += len;
}
@@ -1709,7 +1709,7 @@ static void control_work_handler(struct work_struct *work)
while ((buf = virtqueue_get_buf(vq, &len))) {
spin_unlock(&portdev->c_ivq_lock);
- buf->len = len;
+ buf->len = min(len, buf->size);
buf->offset = 0;
handle_control_message(vq->vdev, portdev, buf);
--
2.11.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] virtio_console: Assure used length from device is limited
2021-05-25 4:53 [PATCH] virtio_console: Assure used length from device is limited Xie Yongji
@ 2021-05-25 6:23 ` Jason Wang
2021-05-25 10:08 ` kernel test robot
2021-05-25 10:44 ` kernel test robot
2 siblings, 0 replies; 4+ messages in thread
From: Jason Wang @ 2021-05-25 6:23 UTC (permalink / raw)
To: Xie Yongji, amit, mst; +Cc: virtualization, linux-kernel
在 2021/5/25 下午12:53, Xie Yongji 写道:
> The buf->len might come from an untrusted device. This
> ensures the value would not exceed the size of the buffer
> to avoid data corruption or loss.
>
> Signed-off-by: Xie Yongji <xieyongji@bytedance.com>
Acked-by: Jason Wang <jasowang@redhat.com>
> ---
> drivers/char/virtio_console.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c
> index 1c40ca6d76ba..598863e6daf8 100644
> --- a/drivers/char/virtio_console.c
> +++ b/drivers/char/virtio_console.c
> @@ -475,7 +475,7 @@ static struct port_buffer *get_inbuf(struct port *port)
>
> buf = virtqueue_get_buf(port->in_vq, &len);
> if (buf) {
> - buf->len = len;
> + buf->len = min(len, buf->size);
> buf->offset = 0;
> port->stats.bytes_received += len;
> }
> @@ -1709,7 +1709,7 @@ static void control_work_handler(struct work_struct *work)
> while ((buf = virtqueue_get_buf(vq, &len))) {
> spin_unlock(&portdev->c_ivq_lock);
>
> - buf->len = len;
> + buf->len = min(len, buf->size);
> buf->offset = 0;
>
> handle_control_message(vq->vdev, portdev, buf);
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] virtio_console: Assure used length from device is limited
2021-05-25 4:53 [PATCH] virtio_console: Assure used length from device is limited Xie Yongji
2021-05-25 6:23 ` Jason Wang
@ 2021-05-25 10:08 ` kernel test robot
2021-05-25 10:44 ` kernel test robot
2 siblings, 0 replies; 4+ messages in thread
From: kernel test robot @ 2021-05-25 10:08 UTC (permalink / raw)
To: Xie Yongji, amit, mst, jasowang
Cc: kbuild-all, clang-built-linux, virtualization, linux-kernel
[-- Attachment #1: Type: text/plain, Size: 4419 bytes --]
Hi Xie,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on char-misc/char-misc-testing]
[also build test WARNING on v5.13-rc3 next-20210525]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/Xie-Yongji/virtio_console-Assure-used-length-from-device-is-limited/20210525-125848
base: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git 281e468446994a7672733af2bf941f4110d4a895
config: x86_64-randconfig-a001-20210525 (attached as .config)
compiler: clang version 13.0.0 (https://github.com/llvm/llvm-project 99155e913e9bad5f7f8a247f8bb3a3ff3da74af1)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install x86_64 cross compiling tool for clang build
# apt-get install binutils-x86-64-linux-gnu
# https://github.com/0day-ci/linux/commit/edaca17a036c98c3e0f6953318976caff7168a6e
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Xie-Yongji/virtio_console-Assure-used-length-from-device-is-limited/20210525-125848
git checkout edaca17a036c98c3e0f6953318976caff7168a6e
# save the attached .config to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=x86_64
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
All warnings (new ones prefixed by >>):
>> drivers/char/virtio_console.c:478:14: warning: comparison of distinct pointer types ('typeof (len) *' (aka 'unsigned int *') and 'typeof (buf->size) *' (aka 'unsigned long *')) [-Wcompare-distinct-pointer-types]
buf->len = min(len, buf->size);
^~~~~~~~~~~~~~~~~~~
include/linux/minmax.h:51:19: note: expanded from macro 'min'
#define min(x, y) __careful_cmp(x, y, <)
^~~~~~~~~~~~~~~~~~~~~~
include/linux/minmax.h:42:24: note: expanded from macro '__careful_cmp'
__builtin_choose_expr(__safe_cmp(x, y), \
^~~~~~~~~~~~~~~~
include/linux/minmax.h:32:4: note: expanded from macro '__safe_cmp'
(__typecheck(x, y) && __no_side_effects(x, y))
^~~~~~~~~~~~~~~~~
include/linux/minmax.h:18:28: note: expanded from macro '__typecheck'
(!!(sizeof((typeof(x) *)1 == (typeof(y) *)1)))
~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~
drivers/char/virtio_console.c:1712:14: warning: comparison of distinct pointer types ('typeof (len) *' (aka 'unsigned int *') and 'typeof (buf->size) *' (aka 'unsigned long *')) [-Wcompare-distinct-pointer-types]
buf->len = min(len, buf->size);
^~~~~~~~~~~~~~~~~~~
include/linux/minmax.h:51:19: note: expanded from macro 'min'
#define min(x, y) __careful_cmp(x, y, <)
^~~~~~~~~~~~~~~~~~~~~~
include/linux/minmax.h:42:24: note: expanded from macro '__careful_cmp'
__builtin_choose_expr(__safe_cmp(x, y), \
^~~~~~~~~~~~~~~~
include/linux/minmax.h:32:4: note: expanded from macro '__safe_cmp'
(__typecheck(x, y) && __no_side_effects(x, y))
^~~~~~~~~~~~~~~~~
include/linux/minmax.h:18:28: note: expanded from macro '__typecheck'
(!!(sizeof((typeof(x) *)1 == (typeof(y) *)1)))
~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~
2 warnings generated.
vim +478 drivers/char/virtio_console.c
466
467 /* Callers should take appropriate locks */
468 static struct port_buffer *get_inbuf(struct port *port)
469 {
470 struct port_buffer *buf;
471 unsigned int len;
472
473 if (port->inbuf)
474 return port->inbuf;
475
476 buf = virtqueue_get_buf(port->in_vq, &len);
477 if (buf) {
> 478 buf->len = min(len, buf->size);
479 buf->offset = 0;
480 port->stats.bytes_received += len;
481 }
482 return buf;
483 }
484
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 37046 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] virtio_console: Assure used length from device is limited
2021-05-25 4:53 [PATCH] virtio_console: Assure used length from device is limited Xie Yongji
2021-05-25 6:23 ` Jason Wang
2021-05-25 10:08 ` kernel test robot
@ 2021-05-25 10:44 ` kernel test robot
2 siblings, 0 replies; 4+ messages in thread
From: kernel test robot @ 2021-05-25 10:44 UTC (permalink / raw)
To: Xie Yongji, amit, mst, jasowang; +Cc: kbuild-all, virtualization, linux-kernel
[-- Attachment #1: Type: text/plain, Size: 2619 bytes --]
Hi Xie,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on char-misc/char-misc-testing]
[also build test WARNING on v5.13-rc3 next-20210525]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch]
url: https://github.com/0day-ci/linux/commits/Xie-Yongji/virtio_console-Assure-used-length-from-device-is-limited/20210525-125848
base: https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git 281e468446994a7672733af2bf941f4110d4a895
config: x86_64-randconfig-s022-20210525 (attached as .config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
reproduce:
# apt-get install sparse
# sparse version: v0.6.3-341-g8af24329-dirty
# https://github.com/0day-ci/linux/commit/edaca17a036c98c3e0f6953318976caff7168a6e
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Xie-Yongji/virtio_console-Assure-used-length-from-device-is-limited/20210525-125848
git checkout edaca17a036c98c3e0f6953318976caff7168a6e
# save the attached .config to linux build tree
make W=1 C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' W=1 ARCH=x86_64
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
sparse warnings: (new ones prefixed by >>)
>> drivers/char/virtio_console.c:478:28: sparse: sparse: incompatible types in comparison expression (different type sizes):
>> drivers/char/virtio_console.c:478:28: sparse: unsigned int *
>> drivers/char/virtio_console.c:478:28: sparse: unsigned long *
drivers/char/virtio_console.c:1712:28: sparse: sparse: incompatible types in comparison expression (different type sizes):
drivers/char/virtio_console.c:1712:28: sparse: unsigned int *
drivers/char/virtio_console.c:1712:28: sparse: unsigned long *
vim +478 drivers/char/virtio_console.c
466
467 /* Callers should take appropriate locks */
468 static struct port_buffer *get_inbuf(struct port *port)
469 {
470 struct port_buffer *buf;
471 unsigned int len;
472
473 if (port->inbuf)
474 return port->inbuf;
475
476 buf = virtqueue_get_buf(port->in_vq, &len);
477 if (buf) {
> 478 buf->len = min(len, buf->size);
479 buf->offset = 0;
480 port->stats.bytes_received += len;
481 }
482 return buf;
483 }
484
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 33360 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-05-25 10:45 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-25 4:53 [PATCH] virtio_console: Assure used length from device is limited Xie Yongji
2021-05-25 6:23 ` Jason Wang
2021-05-25 10:08 ` kernel test robot
2021-05-25 10:44 ` kernel test robot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).