lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 17 Nov 2020 11:36:36 +0000
From:   Stefan Hajnoczi <stefanha@...hat.com>
To:     Stefano Garzarella <sgarzare@...hat.com>
Cc:     virtualization@...ts.linux-foundation.org,
        Laurent Vivier <lvivier@...hat.com>,
        linux-kernel@...r.kernel.org, Eli Cohen <elic@...dia.com>,
        Jason Wang <jasowang@...hat.com>,
        "Michael S. Tsirkin" <mst@...hat.com>,
        Max Gurtovoy <mgurtovoy@...dia.com>
Subject: Re: [PATCH RFC 12/12] vdpa_sim_blk: implement ramdisk behaviour

On Fri, Nov 13, 2020 at 02:47:12PM +0100, Stefano Garzarella wrote:
> diff --git a/drivers/vdpa/vdpa_sim/vdpa_sim_blk.c b/drivers/vdpa/vdpa_sim/vdpa_sim_blk.c
> index 8e41b3ab98d5..68e74383322f 100644
> --- a/drivers/vdpa/vdpa_sim/vdpa_sim_blk.c
> +++ b/drivers/vdpa/vdpa_sim/vdpa_sim_blk.c
> @@ -7,6 +7,7 @@
>   */
>  
>  #include <linux/module.h>
> +#include <linux/blkdev.h>
>  #include <uapi/linux/virtio_blk.h>
>  
>  #include "vdpa_sim.h"
> @@ -24,10 +25,137 @@
>  
>  static struct vdpasim *vdpasim_blk_dev;
>  
> +static int vdpasim_blk_handle_req(struct vdpasim *vdpasim,
> +				  struct vdpasim_virtqueue *vq)

This function has a non-standard int return value. Please document it.

> +{
> +	size_t wrote = 0, to_read = 0, to_write = 0;
> +	struct virtio_blk_outhdr hdr;
> +	uint8_t status;
> +	uint32_t type;
> +	ssize_t bytes;
> +	loff_t offset;
> +	int i, ret;
> +
> +	vringh_kiov_cleanup(&vq->riov);
> +	vringh_kiov_cleanup(&vq->wiov);
> +
> +	ret = vringh_getdesc_iotlb(&vq->vring, &vq->riov, &vq->wiov,
> +				   &vq->head, GFP_ATOMIC);
> +	if (ret != 1)
> +		return ret;
> +
> +	for (i = 0; i < vq->wiov.used; i++)
> +		to_write += vq->wiov.iov[i].iov_len;
> +	to_write -= 1; /* last byte is the status */

What if vq->wiov.used == 0?

> +
> +	for (i = 0; i < vq->riov.used; i++)
> +		to_read += vq->riov.iov[i].iov_len;
> +
> +	bytes = vringh_iov_pull_iotlb(&vq->vring, &vq->riov, &hdr, sizeof(hdr));
> +	if (bytes != sizeof(hdr))
> +		return 0;
> +
> +	to_read -= bytes;
> +
> +	type = le32_to_cpu(hdr.type);
> +	offset = le64_to_cpu(hdr.sector) << SECTOR_SHIFT;
> +	status = VIRTIO_BLK_S_OK;
> +
> +	switch (type) {
> +	case VIRTIO_BLK_T_IN:
> +		if (offset + to_write > VDPASIM_BLK_CAPACITY << SECTOR_SHIFT) {

Integer overflow is not handled.

Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ