[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 10/24] DAX: virtiofsd: Add setup/remove mappings fuse command
From: |
Stefan Hajnoczi |
Subject: |
Re: [PATCH 10/24] DAX: virtiofsd: Add setup/remove mappings fuse commands |
Date: |
Thu, 11 Feb 2021 12:37:38 +0000 |
On Tue, Feb 09, 2021 at 07:02:10PM +0000, Dr. David Alan Gilbert (git) wrote:
> +static void do_removemapping(fuse_req_t req, fuse_ino_t nodeid,
> + struct fuse_mbuf_iter *iter)
> +{
> + struct fuse_removemapping_in *arg;
> + struct fuse_removemapping_one *one;
> +
> + arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
> + if (!arg || arg->count <= 0) {
arg->count is unsigned so < is tautologous.
> + fuse_log(FUSE_LOG_ERR, "do_removemapping: invalid arg %p\n", arg);
> + fuse_reply_err(req, EINVAL);
> + return;
> + }
> +
> + one = fuse_mbuf_iter_advance(iter, arg->count * sizeof(*one));
arg->count * sizeof(*one) is an integer overflow on 32-bit hosts. I
think we should be more defensive here since this input comes from the
guest.
signature.asc
Description: PGP signature
- Re: [PATCH 05/24] DAX: virtio: Add shared memory capability, (continued)
- [PATCH 06/24] DAX: virtio-fs: Add cache BAR, Dr. David Alan Gilbert (git), 2021/02/09
- [PATCH 07/24] DAX: virtio-fs: Add vhost-user slave commands for mapping, Dr. David Alan Gilbert (git), 2021/02/09
- [PATCH 08/24] DAX: virtio-fs: Fill in slave commands for mapping, Dr. David Alan Gilbert (git), 2021/02/09
- [PATCH 09/24] DAX: virtiofsd Add cache accessor functions, Dr. David Alan Gilbert (git), 2021/02/09
- [PATCH 10/24] DAX: virtiofsd: Add setup/remove mappings fuse commands, Dr. David Alan Gilbert (git), 2021/02/09
- Re: [PATCH 10/24] DAX: virtiofsd: Add setup/remove mappings fuse commands,
Stefan Hajnoczi <=
[PATCH 12/24] DAX: virtiofsd: Wire up passthrough_ll's lo_setupmapping, Dr. David Alan Gilbert (git), 2021/02/09
[PATCH 11/24] DAX: virtiofsd: Add setup/remove mapping handlers to passthrough_ll, Dr. David Alan Gilbert (git), 2021/02/09
[PATCH 13/24] DAX: virtiofsd: Make lo_removemapping() work, Dr. David Alan Gilbert (git), 2021/02/09