From nobody Wed Jan 15 08:31:31 2025 Delivered-To: importer@patchew.org Received-SPF: none (zohomail.com: 8.43.85.245 is neither permitted nor denied by domain of lists.libvirt.org) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; spf=none (zohomail.com: 8.43.85.245 is neither permitted nor denied by domain of lists.libvirt.org) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=none dis=none) header.from=redhat.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1705076160279227.11465490858347; Fri, 12 Jan 2024 08:16:00 -0800 (PST) Received: by lists.libvirt.org (Postfix, from userid 996) id 2F8D91D6B; Fri, 12 Jan 2024 11:15:59 -0500 (EST) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id 1E9691D67; Fri, 12 Jan 2024 11:06:33 -0500 (EST) Received: by lists.libvirt.org (Postfix, from userid 996) id 9475F1DB5; Fri, 12 Jan 2024 11:06:04 -0500 (EST) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id F028D1D38 for ; Fri, 12 Jan 2024 11:05:55 -0500 (EST) Received: from mimecast-mx02.redhat.com (mx-ext.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-248-IxtEGtGMNGemnsuqBAP17w-1; Fri, 12 Jan 2024 11:05:54 -0500 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com [10.11.54.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id BB9113C0EAD3 for ; Fri, 12 Jan 2024 16:05:53 +0000 (UTC) Received: from speedmetal.lan (unknown [10.45.242.9]) by smtp.corp.redhat.com (Postfix) with ESMTP id 0345E3C25 for ; Fri, 12 Jan 2024 16:05:52 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.4 X-MC-Unique: IxtEGtGMNGemnsuqBAP17w-1 From: Peter Krempa To: devel@lists.libvirt.org Subject: [PATCH 4/7] qemu: Move 'shmem' device size validation to qemu_validate Date: Fri, 12 Jan 2024 17:05:44 +0100 Message-ID: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.1 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Message-ID-Hash: 472TPZRONG6B2XYH6EC5QFBIS76UZSLU X-Message-ID-Hash: 472TPZRONG6B2XYH6EC5QFBIS76UZSLU X-MailFrom: pkrempa@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZM-MESSAGEID: 1705076160954100001 The 'size' of a 'shmem' device is parsed and formatted as a "scaled" value, stored in bytes, but the formatting scale is mebibytes. This precission loss combined with the fact that the value was validated only when starting and the size is formatted only when non-zero meant that on first parse a value < 1 MiB would be accepted, but would be formatted to the XML as 0 MiB as it was non-zero but truncated and a subsequent parse would parse of such XML would parse it as 0 bytes, which in turn would be interpreted as 'default' size. Fix the issue by moving the validator, which ensures that the number is a power of two and more than 1 MiB to the validator code so that it'll be rejected at XML parsing time. Signed-off-by: Peter Krempa --- src/qemu/qemu_command.c | 19 ----------- src/qemu/qemu_validate.c | 9 +++++ .../shmem-invalid-size.x86_64-latest.err | 2 +- .../shmem-small-size.x86_64-latest.err | 2 +- .../shmem-invalid-size.x86_64-latest.xml | 34 ------------------- .../shmem-small-size.x86_64-latest.xml | 34 ------------------- tests/qemuxmlconftest.c | 4 +-- 7 files changed, 13 insertions(+), 91 deletions(-) delete mode 100644 tests/qemuxml2xmloutdata/shmem-invalid-size.x86_64-late= st.xml delete mode 100644 tests/qemuxml2xmloutdata/shmem-small-size.x86_64-latest= .xml diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 653817173b..e3d728aa82 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -9078,25 +9078,6 @@ qemuBuildShmemCommandLine(virCommand *cmd, g_autoptr(virJSONValue) memProps =3D NULL; g_autoptr(virJSONValue) devProps =3D NULL; - if (shmem->size) { - /* - * Thanks to our parsing code, we have a guarantee that the - * size is power of two and is at least a mebibyte in size. - * But because it may change in the future, the checks are - * doubled in here. - */ - if (shmem->size & (shmem->size - 1)) { - virReportError(VIR_ERR_XML_ERROR, "%s", - _("shmem size must be a power of two")); - return -1; - } - if (shmem->size < 1024 * 1024) { - virReportError(VIR_ERR_XML_ERROR, "%s", - _("shmem size must be at least 1 MiB (1024 KiB)= ")); - return -1; - } - } - if (shmem->info.type !=3D VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("only 'pci' addresses are supported for the share= d memory device")); diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c index b22d3618fe..01f65c0866 100644 --- a/src/qemu/qemu_validate.c +++ b/src/qemu/qemu_validate.c @@ -5118,6 +5118,15 @@ static int qemuValidateDomainDeviceDefShmem(virDomainShmemDef *shmem, virQEMUCaps *qemuCaps) { + if (shmem->size > 0) { + if (shmem->size < 1024 * 1024 || + !VIR_IS_POW2(shmem->size)) { + virReportError(VIR_ERR_XML_ERROR, "%s", + _("shmem size must be a power of 2 and at least= 1 MiB (1024 KiB)")); + return -1; + } + } + switch (shmem->model) { case VIR_DOMAIN_SHMEM_MODEL_IVSHMEM: virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", diff --git a/tests/qemuxml2argvdata/shmem-invalid-size.x86_64-latest.err b/= tests/qemuxml2argvdata/shmem-invalid-size.x86_64-latest.err index 623bd8e5dd..5409cb73c2 100644 --- a/tests/qemuxml2argvdata/shmem-invalid-size.x86_64-latest.err +++ b/tests/qemuxml2argvdata/shmem-invalid-size.x86_64-latest.err @@ -1 +1 @@ -XML error: shmem size must be a power of two +XML error: shmem size must be a power of 2 and at least 1 MiB (1024 KiB) diff --git a/tests/qemuxml2argvdata/shmem-small-size.x86_64-latest.err b/te= sts/qemuxml2argvdata/shmem-small-size.x86_64-latest.err index b5fcd8b4cf..5409cb73c2 100644 --- a/tests/qemuxml2argvdata/shmem-small-size.x86_64-latest.err +++ b/tests/qemuxml2argvdata/shmem-small-size.x86_64-latest.err @@ -1 +1 @@ -XML error: shmem size must be at least 1 MiB (1024 KiB) +XML error: shmem size must be a power of 2 and at least 1 MiB (1024 KiB) diff --git a/tests/qemuxml2xmloutdata/shmem-invalid-size.x86_64-latest.xml = b/tests/qemuxml2xmloutdata/shmem-invalid-size.x86_64-latest.xml deleted file mode 100644 index cc7b63da94..0000000000 --- a/tests/qemuxml2xmloutdata/shmem-invalid-size.x86_64-latest.xml +++ /dev/null @@ -1,34 +0,0 @@ - - QEMUGuest1 - c7a5fdbd-edaf-9455-926a-d65c16db1809 - 219136 - 219136 - 1 - - hvm - - - - qemu64 - - - destroy - restart - destroy - - /usr/bin/qemu-system-x86_64 - -
- - - - -