From: Vladimir Sementsov-Ogievskiy
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, pbonzini@redhat.com, vsementsov@yandex-team.ru, yc-core@yandex-team.ru, davydov-max@yandex-team.ru, "Michael S. Tsirkin", Peter Xu, Jason Wang, Marcel Apfelbaum, Richard Henderson, Eduardo Habkost
Subject: [PATCH v3 1/6] hw/i386/intel_iommu: vtd_slpte_nonzero_rsvd(): assert no overflow
Date: Tue, 17 Oct 2023 15:59:36 +0300
Message-Id: <20231017125941.810461-2-vsementsov@yandex-team.ru>
In-Reply-To: <20231017125941.810461-1-vsementsov@yandex-team.ru>
References: <20231017125941.810461-1-vsementsov@yandex-team.ru>

We support only 3- and 4-level page-tables, which is firstly checked in vtd_decide_config(), then set up in vtd_init(). Then level fields are checked by vtd_is_level_supported(). So here we can't have level out from 1..4 inclusive range.
Let's assert it. That also explains to Coverity that we are not going to overflow the array.

CID: 1487158, 1487186
Signed-off-by: Vladimir Sementsov-Ogievskiy
Reviewed-by: Peter Maydell
Reviewed-by: Maksim Davydov
---
 hw/i386/intel_iommu.c | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c index 2c832ab68b..5e435d9f2d 100644 --- a/hw/i386/intel_iommu.c +++ b/hw/i386/intel_iommu.c
@@ -1027,18 +1027,35 @@ static dma_addr_t vtd_get_iova_pgtbl_base(IntelIOMM= UState *s, * Rsvd field masks for spte: * vtd_spte_rsvd 4k pages * vtd_spte_rsvd_large large pages + * + * We support only 3-level and 4-level page tables (see vtd_init() which + * sets only VTD_CAP_SAGAW_39bit and maybe VTD_CAP_SAGAW_48bit bits in s->= cap). */ -static uint64_t vtd_spte_rsvd[5]; -static uint64_t vtd_spte_rsvd_large[5]; +#define VTD_SPTE_RSVD_LEN 5 +static uint64_t vtd_spte_rsvd[VTD_SPTE_RSVD_LEN]; +static uint64_t vtd_spte_rsvd_large[VTD_SPTE_RSVD_LEN]; =20 static bool vtd_slpte_nonzero_rsvd(uint64_t slpte, uint32_t level) { - uint64_t rsvd_mask =3D vtd_spte_rsvd[level]; + uint64_t rsvd_mask; + + /* + * We should have caught a guest-mis-programmed level earlier, + * via vtd_is_level_supported. + */ + assert(level < VTD_SPTE_RSVD_LEN); + /* + * Zero level doesn't exist. The smallest level is VTD_SL_PT_LEVEL=3D1= and + * checked by vtd_is_last_slpte(). + */ + assert(level); =20 if ((level =3D=3D VTD_SL_PD_LEVEL || level =3D=3D VTD_SL_PDP_LEVEL) && (slpte & VTD_SL_PT_PAGE_SIZE_MASK)) { /* large page */ rsvd_mask =3D vtd_spte_rsvd_large[level]; + } else { + rsvd_mask =3D vtd_spte_rsvd[level]; } =20 return slpte & rsvd_mask; --=20 2.34.1
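
Review bot: in vtd_slpte_nonzero_rsvd() the new asserts sit on a value that the added comment itself calls guest-programmed, so any caller that reaches this function without going through vtd_is_level_supported() turns a bad level into a host abort rather than a handled fault. That is still better than indexing past vtd_spte_rsvd[], but the comment should list which call paths establish the precondition, so the invariant can be re-checked when a new caller is added. The two checks could also be folded into one, e.g. assert(level && level < VTD_SPTE_RSVD_LEN), with a single comment covering both bounds.
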
From: Vladimir Sementsov-Ogievskiy
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, pbonzini@redhat.com, vsementsov@yandex-team.ru, yc-core@yandex-team.ru, davydov-max@yandex-team.ru, Daniel P. Berrangé
Subject: [PATCH v3 2/6] util/filemonitor-inotify: qemu_file_monitor_watch(): assert no overflow
Date: Tue, 17 Oct 2023 15:59:37 +0300
Message-Id: <20231017125941.810461-3-vsementsov@yandex-team.ru>
In-Reply-To: <20231017125941.810461-1-vsementsov@yandex-team.ru>
References: <20231017125941.810461-1-vsementsov@yandex-team.ru>

Prefer clear assertions instead of [im]possible array overflow.

Signed-off-by: Vladimir Sementsov-Ogievskiy
Reviewed-by: Peter Maydell
Reviewed-by: Maksim Davydov
---
 util/filemonitor-inotify.c | 25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)

diff --git a/util/filemonitor-inotify.c b/util/filemonitor-inotify.c index 2c45f7f176..2121111f38 100644 --- a/util/filemonitor-inotify.c +++ b/util/filemonitor-inotify.c 
@@ -81,16 +81,25 @@ static void qemu_file_monitor_watch(void *arg) =20 /* Loop over all events in the buffer */ while (used < len) { - struct inotify_event *ev =3D - (struct inotify_event *)(buf + used); - const char *name =3D ev->len ? ev->name : ""; - QFileMonitorDir *dir =3D g_hash_table_lookup(mon->idmap, - GINT_TO_POINTER(ev->wd)= ); - uint32_t iev =3D ev->mask & - (IN_CREATE | IN_MODIFY | IN_DELETE | IN_IGNORED | - IN_MOVED_TO | IN_MOVED_FROM | IN_ATTRIB); + const char *name; + QFileMonitorDir *dir; + uint32_t iev; int qev; gsize i; + struct inotify_event *ev =3D (struct inotify_event *)(buf + used); + + /* + * We trust the kenel to provide valid buffer with complete event + * records. + */ + assert(len - used >=3D sizeof(struct inotify_event)); + assert(len - used - sizeof(struct inotify_event) >=3D ev->len); + + name =3D ev->len ? ev->name : ""; + dir =3D g_hash_table_lookup(mon->idmap, GINT_TO_POINTER(ev->wd)); + iev =3D ev->mask & + (IN_CREATE | IN_MODIFY | IN_DELETE | IN_IGNORED | + IN_MOVED_TO | IN_MOVED_FROM | IN_ATTRIB); =20 used +=3D sizeof(struct inotify_event) + ev->len; =20 --=20 2.34.1
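
Review bot: the comment added above the asserts in qemu_file_monitor_watch() has a typo, "kenel" should be "kernel", and "valid buffer" reads better as "a valid buffer". On the logic, the second assert reads ev->len, which is only safe because the first assert has already established that a full struct inotify_event fits in len - used; a short remark that the order matters would keep a later cleanup from merging or reordering the two. Both subtractions also rely on the loop condition used < len, so they need to stay inside the loop body.
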
From: Vladimir Sementsov-Ogievskiy
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, pbonzini@redhat.com, vsementsov@yandex-team.ru, yc-core@yandex-team.ru, davydov-max@yandex-team.ru, "Michael S. Tsirkin"
Subject: [PATCH v3 3/6] mc146818rtc: rtc_set_time(): initialize tm to zeroes
Date: Tue, 17 Oct 2023 15:59:38 +0300
Message-Id: <20231017125941.810461-4-vsementsov@yandex-team.ru>
In-Reply-To: <20231017125941.810461-1-vsementsov@yandex-team.ru>
References: <20231017125941.810461-1-vsementsov@yandex-team.ru>

set_time() function doesn't set all the fields, so it's better to initialize tm structure. And Coverity will be happier about it.

Signed-off-by: Vladimir Sementsov-Ogievskiy
Reviewed-by: Peter Maydell
Reviewed-by: Maksim Davydov
---
 hw/rtc/mc146818rtc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/rtc/mc146818rtc.c b/hw/rtc/mc146818rtc.c index c27c362db9..2d391a8396 100644 --- a/hw/rtc/mc146818rtc.c +++ b/hw/rtc/mc146818rtc.c 
@@ -599,7 +599,7 @@ static void rtc_get_time(MC146818RtcState *s, struct tm= *tm) =20 static void rtc_set_time(MC146818RtcState *s) { - struct tm tm; + struct tm tm =3D {}; g_autofree const char *qom_path =3D object_get_canonical_path(OBJECT(s= )); =20 rtc_get_time(s, &tm); --=20 2.34.1
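
Review bot: the commit message says set_time() does not set all the fields, but in this hunk the function that fills tm is rtc_get_time(s, &tm), called from rtc_set_time(). Please name the right function in the message, so that a reader checking the Coverity report can tell which callee leaves members of struct tm untouched.
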
From: Vladimir Sementsov-Ogievskiy
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, pbonzini@redhat.com, vsementsov@yandex-team.ru, yc-core@yandex-team.ru, davydov-max@yandex-team.ru, Stefan Hajnoczi, Fam Zheng, Philippe Mathieu-Daudé, Kevin Wolf, Hanna Reitz, qemu-block@nongnu.org (open list:NVMe Block Driver)
Subject: [PATCH v3 4/6] block/nvme: nvme_process_completion() fix bound for cid
Date: Tue, 17 Oct 2023 15:59:39 +0300
Message-Id: <20231017125941.810461-5-vsementsov@yandex-team.ru>
In-Reply-To: <20231017125941.810461-1-vsementsov@yandex-team.ru>
References: <20231017125941.810461-1-vsementsov@yandex-team.ru>

NVMeQueuePair::reqs has length NVME_NUM_REQS, which is less than NVME_QUEUE_SIZE by 1.

Fixes: 1086e95da17050 ("block/nvme: switch to a NVMeRequest freelist")
Signed-off-by: Vladimir Sementsov-Ogievskiy
Reviewed-by: Stefan Hajnoczi
Reviewed-by: Maksim Davydov
---
 block/nvme.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/block/nvme.c b/block/nvme.c index b6e95f0b7e..0faedf3072 100644 --- a/block/nvme.c +++ b/block/nvme.c
@@ -416,9 +416,10 @@ static bool nvme_process_completion(NVMeQueuePair *q) q->cq_phase =3D !q->cq_phase; } cid =3D le16_to_cpu(c->cid); - if (cid =3D=3D 0 || cid > NVME_QUEUE_SIZE) { - warn_report("NVMe: Unexpected CID in completion queue: %"PRIu3= 2", " - "queue size: %u", cid, NVME_QUEUE_SIZE); + if (cid =3D=3D 0 || cid > NVME_NUM_REQS) { + warn_report("NVMe: Unexpected CID in completion queue: %" PRIu= 32 + ", should be within: 1..%u inclusively", cid, + NVME_NUM_REQS); continue; } trace_nvme_complete_command(s, q->index, cid); --=20 2.34.1
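
Review bot: the new condition in nvme_process_completion() accepts cid values 1..NVME_NUM_REQS, which is in bounds for an array of NVME_NUM_REQS entries only if the lookup that follows indexes it with cid - 1; that lookup is outside the hunk's context, so the commit message should say so explicitly. Minor points on the warning: cid comes from le16_to_cpu() but is printed with PRIu32, so check the specifier against cid's declared type, and "inclusively" would read better as "inclusive".
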
From: Vladimir Sementsov-Ogievskiy
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, pbonzini@redhat.com, vsementsov@yandex-team.ru, yc-core@yandex-team.ru, davydov-max@yandex-team.ru, Philippe Mathieu-Daudé, Thomas Huth, Richard Henderson, Emilio Cota
Subject: [PATCH v3 5/6] hw/core/loader: gunzip(): initialize z_stream
Date: Tue, 17 Oct 2023 15:59:40 +0300
Message-Id: <20231017125941.810461-6-vsementsov@yandex-team.ru>
In-Reply-To: <20231017125941.810461-1-vsementsov@yandex-team.ru>
References: <20231017125941.810461-1-vsementsov@yandex-team.ru>

Coverity signals that variable as being used uninitialized. And really, when working with external APIs it's better to zero out the structure, where we set some fields by hand.

Signed-off-by: Vladimir Sementsov-Ogievskiy
Reviewed-by: Peter Maydell
Reviewed-by: Maksim Davydov
---
 hw/core/loader.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/core/loader.c b/hw/core/loader.c index 4dd5a71fb7..b7bb44b7f7 100644 --- a/hw/core/loader.c +++ b/hw/core/loader.c
@@ -558,7 +558,7 @@ static void zfree(void *x, void *addr) =20 ssize_t gunzip(void *dst, size_t dstlen, uint8_t *src, size_t srclen) { - z_stream s; + z_stream s =3D {}; ssize_t dstbytes; int r, i, flags; =20 --=20 2.34.1
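
Review bot: the initializer "z_stream s = {}" in gunzip() uses an empty brace list, which ISO C only accepts from C23 on and which is a compiler extension before that; "{ 0 }" is the portable spelling if the tree does not already depend on the extension. The same applies to "struct tm tm = {}" in patch 3/6, so whichever form is chosen should be used in both places.
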
([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qsjg2-0005mq-HG for qemu-devel@nongnu.org; Tue, 17 Oct 2023 09:00:03 -0400 Received: from forwardcorp1b.mail.yandex.net ([178.154.239.136]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qsjg0-0003Y1-H2 for qemu-devel@nongnu.org; Tue, 17 Oct 2023 09:00:01 -0400 Received: from mail-nwsmtp-smtp-corp-main-34.sas.yp-c.yandex.net (mail-nwsmtp-smtp-corp-main-34.sas.yp-c.yandex.net [IPv6:2a02:6b8:c14:750a:0:640:e46:0]) by forwardcorp1b.mail.yandex.net (Yandex) with ESMTP id BF5DF616E4; Tue, 17 Oct 2023 15:59:58 +0300 (MSK) Received: from vsementsov-lin.. (unknown [2a02:6b8:b081:8006::1:24]) by mail-nwsmtp-smtp-corp-main-34.sas.yp-c.yandex.net (smtpcorp/Yandex) with ESMTPSA id gxjRqEIOdGk0-28ARftey; Tue, 17 Oct 2023 15:59:58 +0300 Precedence: bulk X-Yandex-Fwd: 1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex-team.ru; s=default; t=1697547598; bh=K2NSR9gc5d8TtCzYn8PXvc/opLX6Fela1pBElbq7QwU=; h=Message-Id:Date:In-Reply-To:Cc:Subject:References:To:From; b=pVEXEB3bUVwRPUrJdadUfR2ybt6LkcWM6oLVF2xwmux0LGiP0xulvgokhQSNyL4gf WLYfzBZbs+jTxY9M+RMOs2qJ0kELFyoTggg9495DfsWsfGSSL2osyF/ZDWMrNKZiv/ PPOWHUymMvf/q1+G0SHV15unhEq0XQM76MiFHaB0= Authentication-Results: mail-nwsmtp-smtp-corp-main-34.sas.yp-c.yandex.net; dkim=pass header.i=@yandex-team.ru 
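Review bot: at `z_stream s = {};` in gunzip(), the empty-brace initializer is standard C only from C23 (a GNU extension before that); `z_stream s = { 0 };` is the portable spelling unless the tree's convention is `{}`. Since the context shows a custom zfree() just above, it is also worth confirming that the allocator callbacks are still assigned explicitly later in the function, so the zero-init only covers members that were previously left unset.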
From: Vladimir Sementsov-Ogievskiy
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, pbonzini@redhat.com, vsementsov@yandex-team.ru, yc-core@yandex-team.ru, davydov-max@yandex-team.ru, Daniel P. Berrangé
Subject: [PATCH v3 6/6] io/channel-socket: qio_channel_socket_flush(): improve msg validation
Date: Tue, 17 Oct 2023 15:59:41 +0300
Message-Id: <20231017125941.810461-7-vsementsov@yandex-team.ru>
In-Reply-To: <20231017125941.810461-1-vsementsov@yandex-team.ru>

For SO_EE_ORIGIN_ZEROCOPY the 32-bit notification range is encoded as
[ee_info, ee_data] inclusively, so ee_info should be less than or equal to
ee_data.

Signed-off-by: Vladimir Sementsov-Ogievskiy
Reviewed-by: Maksim Davydov
---
 io/channel-socket.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/io/channel-socket.c b/io/channel-socket.c index 02ffb51e99..3a899b0608 100644 --- a/io/channel-socket.c +++ b/io/channel-socket.c @@ -782,6 +782,11 @@ static int qio_channel_socket_flush(QIOChannel *ioc, "Error not from zero copy"); return -1; } + if (serr->ee_data < serr->ee_info) { + error_setg_errno(errp, serr->ee_origin, + "Wrong notification bounds"); + return -1; + } =20 /* No errors, count successfully finished sendmsg()*/ sioc->zero_copy_sent +=3D serr->ee_data - serr->ee_info + 1; --=20 2.34.1
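Review bot: in the added `if (serr->ee_data < serr->ee_info)` branch, `error_setg_errno(errp, serr->ee_origin, ...)` passes the origin code where an errno is expected, so the text appended to "Wrong notification bounds" will describe an unrelated errno value. Prefer `error_setg(errp, "Wrong notification bounds: [%u, %u]", serr->ee_info, serr->ee_data)` so the message carries the offending values instead. Since the commit message describes a 32-bit range and the following line computes `serr->ee_data - serr->ee_info + 1`, please also state whether a range that crosses the 32-bit wrap can ever be delivered, because this check would reject it.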