[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v8 01/11] util: add helper APIs for dealing with
|
From: |
Daniel P . Berrangé |
|
Subject: |
Re: [Qemu-devel] [PATCH v8 01/11] util: add helper APIs for dealing with inotify in portable manner |
|
Date: |
Fri, 28 Jan 2022 16:42:02 +0000 |
|
User-agent: |
Mutt/2.1.5 (2021-12-30) |
On Fri, Jan 28, 2022 at 04:17:32PM +0000, Peter Maydell wrote:
> On Fri, 15 Feb 2019 at 16:06, Daniel P. Berrangé <berrange@redhat.com> wrote:
> >
> > The inotify userspace API for reading events is quite horrible, so it is
> > useful to wrap it in a more friendly API to avoid duplicating code
> > across many users in QEMU. Wrapping it also allows introduction of a
> > platform portability layer, so that we can add impls for non-Linux based
> > equivalents in future.
>
> Hi; Coverity has suddenly decided to complain about this 3-year-old
> code (in CID 1469132). It reports an "untrusted loop bound" because
> in the 'loop over events in the buffer' we use the data we just read
> from the filedescriptor (specifically ev->len) as part of the
> calculation of our loop termination condition.
>
> Is there actually anything to change here, or is this a false
> positive because we actually trust the data we're getting on this fd?
I think its false positive. The inotify API between kernel and
userspace requires that you work in this manner. The data on
this FD is strictly emitted by the kernel, not any untrusted
application, so I don't think there's a risk here.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|