Re: [Qemu-devel] [PATCH v3 01/40] target-ppc: Document TOCTTOU in hugepa
From: Marc-André Lureau
Subject: Re: [Qemu-devel] [PATCH v3 01/40] target-ppc: Document TOCTTOU in hugepage support
Date: Fri, 18 Mar 2016 16:04:26 +0100
Hi
On Tue, Mar 15, 2016 at 7:34 PM, Markus Armbruster <address@hidden> wrote:
> The code to find the minimum page size is vulnerable to TOCTTOU.
> Added in commit 2d103aa "target-ppc: fix hugepage support when using
> memory-backend-file" (v2.4.0). Since I can't fix it myself right now,
> add a FIXME comment.
>
> Cc: Paolo Bonzini <address@hidden>
> Cc: Michael Roth <address@hidden>
> Signed-off-by: Markus Armbruster <address@hidden>
Reviewed-by: Marc-André Lureau <address@hidden>
> ---
> target-ppc/kvm.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/target-ppc/kvm.c b/target-ppc/kvm.c
> index d67c169..5be57a7 100644
> --- a/target-ppc/kvm.c
> +++ b/target-ppc/kvm.c
> @@ -333,6 +333,12 @@ static long gethugepagesize(const char *mem_path)
> return fs.f_bsize;
> }
>
> +/*
> + * FIXME TOCTTOU: this iterates over memory backends' mem-path, which
> + * may or may not name the same files / on the same filesystem now as
> + * when we actually open and map them. Iterate over the file
> + * descriptors instead, and use qemu_fd_getpagesize().
> + */
> static int find_max_supported_pagesize(Object *obj, void *opaque)
> {
> char *mem_path;
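Review bot: The FIXME above find_max_supported_pagesize() does not say what goes wrong when the race is lost, and it does not name gethugepagesize(const char *mem_path) just above it, which is the path-based lookup (it returns fs.f_bsize for the path) that the descriptor-based approach would have to replace. Consider adding one sentence stating that the page size computed here may not describe the file that is later opened and mapped, and naming gethugepagesize() as the call to swap for qemu_fd_getpagesize() on the backend's descriptor. The phrase "the same files / on the same filesystem" would also read better as "the same files, or files on the same filesystem,".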
> --
> 2.4.3
>
>
--
Marc-André Lureau
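
The race the FIXME describes, as an added example that is not QEMU code and not part of the original message: a path is re-pointed after the file is opened, so a check by path describes a different file than a check on the descriptor. The temporary directory, the file names and the helper functions are constructed for illustration, and fstatfs() stands in for a descriptor-based lookup such as the qemu_fd_getpagesize() the comment names (Linux only).

```c
/* Added example (not QEMU code). Linux only; all names are hypothetical. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/vfs.h>
#include <unistd.h>

/* Check on the descriptor: answers for the file that is actually open. */
static long blocksize_by_fd(int fd)
{
    struct statfs fs;
    return fstatfs(fd, &fs) == 0 ? (long)fs.f_bsize : -1;
}

/* 1 if path still names the file behind fd, 0 if it was swapped, -1 on error. */
static int path_still_names_fd(const char *path, int fd)
{
    struct stat p, f;
    if (stat(path, &p) != 0 || fstat(fd, &f) != 0)
        return -1;
    return p.st_dev == f.st_dev && p.st_ino == f.st_ino;
}

/* Constructed scenario: "link" plays the mem-path and is re-pointed after
 * open(). Returns 0 if the swap is visible by path but not by descriptor. */
static int demo_swap(void)
{
    char dir[] = "/tmp/tocttou-XXXXXX", a[64], b[64], link[64];
    if (!mkdtemp(dir))
        return -1;
    snprintf(a, sizeof a, "%s/a", dir);
    snprintf(b, sizeof b, "%s/b", dir);
    snprintf(link, sizeof link, "%s/mem-path", dir);
    close(open(a, O_CREAT | O_WRONLY, 0600));
    close(open(b, O_CREAT | O_WRONLY, 0600));
    if (symlink(a, link) != 0)
        return -1;
    int fd = open(link, O_RDONLY);               /* file a is now open */
    int before = path_still_names_fd(link, fd);  /* path and fd agree */
    unlink(link);
    int swapped = symlink(b, link);              /* path now names file b */
    int after = path_still_names_fd(link, fd);   /* path and fd disagree */
    long bs = blocksize_by_fd(fd);               /* still describes file a */
    close(fd); unlink(link); unlink(a); unlink(b); rmdir(dir);
    return (fd >= 0 && swapped == 0 && before == 1 && after == 0 && bs > 0) ? 0 : 1;
}

int main(void) { return demo_swap(); }
```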