From nobody Sun Apr 28 15:09:49 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1486401707628295.82910785704564; Mon, 6 Feb 2017 09:21:47 -0800 (PST) Received: from localhost ([::1]:49799 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1camz2-0005tj-W7 for importer@patchew.org; Mon, 06 Feb 2017 12:21:45 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:42386) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1camy8-0005bb-VH for qemu-devel@nongnu.org; Mon, 06 Feb 2017 12:20:50 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1camy5-0001Y7-O1 for qemu-devel@nongnu.org; Mon, 06 Feb 2017 12:20:48 -0500 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:54530) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1camy5-0001Xm-DJ for qemu-devel@nongnu.org; Mon, 06 Feb 2017 12:20:45 -0500 Received: from pps.filterd (m0098394.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.20/8.16.0.20) with SMTP id v16HEK3F054114 for ; Mon, 6 Feb 2017 12:20:44 -0500 Received: from e18.ny.us.ibm.com (e18.ny.us.ibm.com [129.33.205.208]) by mx0a-001b2d01.pphosted.com with ESMTP id 28eu3e6qxa-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Mon, 06 Feb 2017 12:20:44 -0500 Received: from localhost by e18.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Mon, 6 Feb 2017 12:20:42 -0500 Received: from d01dlp03.pok.ibm.com (9.56.250.168) by e18.ny.us.ibm.com (146.89.104.205) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Mon, 6 Feb 2017 12:20:40 -0500 Received: from b01cxnp22034.gho.pok.ibm.com (b01cxnp22034.gho.pok.ibm.com [9.57.198.24]) by d01dlp03.pok.ibm.com (Postfix) with ESMTP id 29089C9003E; Mon, 6 Feb 2017 12:20:21 -0500 (EST) Received: from b01ledav002.gho.pok.ibm.com (b01ledav002.gho.pok.ibm.com [9.57.199.107]) by b01cxnp22034.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id v16HKdM642008626; Mon, 6 Feb 2017 17:20:39 GMT Received: from b01ledav002.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id A655012403D; Mon, 6 Feb 2017 12:20:39 -0500 (EST) Received: from [192.168.66.23] (unknown [9.164.180.51]) by b01ledav002.gho.pok.ibm.com (Postfix) with ESMTP id DAE8F12403F; Mon, 6 Feb 2017 12:20:38 -0500 (EST) From: Greg Kurz To: qemu-devel@nongnu.org Date: Mon, 06 Feb 2017 18:20:37 +0100 User-Agent: StGit/0.17.1-20-gc0b1b-dirty MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-TM-AS-GCONF: 00 X-Content-Scanned: Fidelis XPS MAILER x-cbid: 17020617-0044-0000-0000-0000027BB889 X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00006568; HX=3.00000240; KW=3.00000007; PH=3.00000004; SC=3.00000202; SDB=6.00818070; UDB=6.00399726; IPR=6.00595530; BA=6.00005119; NDR=6.00000001; ZLA=6.00000005; ZF=6.00000009; ZB=6.00000000; ZP=6.00000000; ZH=6.00000000; ZU=6.00000002; MB=3.00014200; XFM=3.00000011; UTC=2017-02-06 17:20:41 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 17020617-0045-0000-0000-000006A8BCC8 Message-Id: <148640163738.20116.15256467457494672940.stgit@bahia> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2017-02-06_09:, , signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=1 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1612050000 definitions=main-1702060169 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [generic] [fuzzy] X-Received-From: 148.163.156.1 Subject: [Qemu-devel] [PATCH] 9pfs: proxy: assert if unmarshal fails X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Greg Kurz , "Aneesh Kumar K.V" Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Replies from the virtfs proxy are made up of a fixed-size header (8 bytes) and a payload of variable size (maximum 64kb). When receiving a reply, the proxy backend first reads the whole header and then unmarshals it. If the header is okay, it then does the same operation with the payload. Since the proxy backend uses a pre-allocated buffer which has enough room for a header and the maximum payload size, marshalling should never fail with fixed size arguments. Let's make this clear with assertions. This should also address Coverity's complaints CID 1348519 and CID 1348520, about not always checking the return value of proxy_unmarshal(). Signed-off-by: Greg Kurz --- hw/9pfs/9p-proxy.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/hw/9pfs/9p-proxy.c b/hw/9pfs/9p-proxy.c index f4aa7a9d70f8..4ad42a1ad158 100644 --- a/hw/9pfs/9p-proxy.c +++ b/hw/9pfs/9p-proxy.c @@ -165,7 +165,8 @@ static int v9fs_receive_response(V9fsProxy *proxy, int = type, return retval; } reply->iov_len =3D PROXY_HDR_SZ; - proxy_unmarshal(reply, 0, "dd", &header.type, &header.size); + retval =3D proxy_unmarshal(reply, 0, "dd", &header.type, &header.size); + assert(retval =3D=3D 8); /* * if response size > PROXY_MAX_IO_SZ, read the response but ignore it= and * return -ENOBUFS @@ -194,9 +195,7 @@ static int v9fs_receive_response(V9fsProxy *proxy, int = type, if (header.type =3D=3D T_ERROR) { int ret; ret =3D proxy_unmarshal(reply, PROXY_HDR_SZ, "d", status); - if (ret < 0) { - *status =3D ret; - } + assert(ret =3D=3D 4); return 0; } =20 @@ -213,6 +212,7 @@ static int v9fs_receive_response(V9fsProxy *proxy, int = type, &prstat.st_atim_sec, &prstat.st_atim_nsec, &prstat.st_mtim_sec, &prstat.st_mtim_nsec, &prstat.st_ctim_sec, &prstat.st_ctim_nsec= ); + assert(retval =3D=3D sizeof(prstat)); prstat_to_stat(response, &prstat); break; } @@ -225,6 +225,7 @@ static int v9fs_receive_response(V9fsProxy *proxy, int = type, &prstfs.f_files, &prstfs.f_ffree, &prstfs.f_fsid[0], &prstfs.f_fsid[1], &prstfs.f_namelen, &prstfs.f_frsize); + assert(retval =3D=3D sizeof(prstfs)); prstatfs_to_statfs(response, &prstfs); break; } @@ -246,7 +247,8 @@ static int v9fs_receive_response(V9fsProxy *proxy, int = type, break; } case T_GETVERSION: - proxy_unmarshal(reply, PROXY_HDR_SZ, "q", response); + retval =3D proxy_unmarshal(reply, PROXY_HDR_SZ, "q", response); + assert(retval =3D=3D 8); break; default: return -1; @@ -274,18 +276,16 @@ static int v9fs_receive_status(V9fsProxy *proxy, return retval; } reply->iov_len =3D PROXY_HDR_SZ; - proxy_unmarshal(reply, 0, "dd", &header.type, &header.size); - if (header.size !=3D sizeof(int)) { - *status =3D -ENOBUFS; - return 0; - } + retval =3D proxy_unmarshal(reply, 0, "dd", &header.type, &header.size); + assert(retval =3D=3D 8); retval =3D socket_read(proxy->sockfd, reply->iov_base + PROXY_HDR_SZ, header.size); if (retval < 0) { return retval; } reply->iov_len +=3D header.size; - proxy_unmarshal(reply, PROXY_HDR_SZ, "d", status); + retval =3D proxy_unmarshal(reply, PROXY_HDR_SZ, "d", status); + assert(retval =3D=3D 4); return 0; } =20