qemu-devel

Re: [PATCH 12/12] io/channel-socket: qio_channel_socket_flush(): improve


From: Vladimir Sementsov-Ogievskiy
Subject: Re: [PATCH 12/12] io/channel-socket: qio_channel_socket_flush(): improve msg validation
Date: Tue, 26 Sep 2023 13:19:14 +0300
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.13.0

On 26.09.23 12:04, Maksim Davydov wrote:
Could you add a comment into the commit message why ee_data must be
bigger than ee_info?

As I understand it, in this case ee_data is the lower bound and ee_info is the upper bound
of the notification:

https://docs.kernel.org/networking/msg_zerocopy.html#notification-parsing

and the next line "sioc->zero_copy_sent += serr->ee_data - serr->ee_info + 1;" 
actually depends on it.

So, I'll add:

For SO_EE_ORIGIN_ZEROCOPY the 32-bit notification range is encoded
as [ee_info, ee_data] inclusively, so ee_info should be less than or
equal to ee_data.


On 9/25/23 22:40, Vladimir Sementsov-Ogievskiy wrote:
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
---
  io/channel-socket.c | 5 +++++
  1 file changed, 5 insertions(+)

diff --git a/io/channel-socket.c b/io/channel-socket.c
index 02ffb51e99..3a899b0608 100644
--- a/io/channel-socket.c
+++ b/io/channel-socket.c
@@ -782,6 +782,11 @@ static int qio_channel_socket_flush(QIOChannel *ioc,
                               "Error not from zero copy");
              return -1;
          }
+        if (serr->ee_data < serr->ee_info) {
+            error_setg_errno(errp, serr->ee_origin,
+                             "Wrong notification bounds");
+            return -1;
+        }
          /* No errors, count successfully finished sendmsg()*/
          sioc->zero_copy_sent += serr->ee_data - serr->ee_info + 1;
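Review bot: the new check passes serr->ee_origin as the errno argument of error_setg_errno(), but ee_origin is an origin code, not an errno, and the check immediately before this hunk already guarantees it equals SO_EE_ORIGIN_ZEROCOPY here, so the strerror() text appended to "Wrong notification bounds" will always be the same unrelated message. Reporting the offending values instead would make the failure actionable, e.g. `error_setg(errp, "Wrong notification bounds: ee_info=%u ee_data=%u", serr->ee_info, serr->ee_data);`. The commit message should also carry the rationale raised in the reply above (the inclusive [ee_info, ee_data] range encoding), since that is what makes the check and the `ee_data - ee_info + 1` on the following line correct. One point to confirm against the kernel documentation linked in this thread before merging: if the 32-bit sequence counter may wrap inside a single notification, a range that crosses the wrap point would have ee_data < ee_info legitimately and would now be rejected, whereas the existing unsigned subtraction would have counted it correctly.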


--
Best regards,
Vladimir