Michael S. Tsirkin
2018-Dec-13 19:55 UTC
[PATCH] vhost: return EINVAL if iovecs size does not match the message size
On Thu, Dec 13, 2018 at 05:53:50PM +0300, Pavel Tikhomirov wrote:> We've failed to copy and process vhost_iotlb_msg so let userspace at > least know about it. For instance before these patch the code below runs > without any error: > > int main() > { > struct vhost_msg msg; > struct iovec iov; > int fd; > > fd = open("/dev/vhost-net", O_RDWR); > if (fd == -1) { > perror("open"); > return 1; > } > > iov.iov_base = &msg; > iov.iov_len = sizeof(msg)-4; > > if (writev(fd, &iov,1) == -1) { > perror("writev"); > return 1; > } > > return 0; > } > > Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>Thanks for the patch!> --- > drivers/vhost/vhost.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c > index 3a5f81a66d34..03014224ef13 100644 > --- a/drivers/vhost/vhost.c > +++ b/drivers/vhost/vhost.c > @@ -1024,8 +1024,10 @@ ssize_t vhost_chr_write_iter(struct vhost_dev *dev, > int type, ret; > > ret = copy_from_iter(&type, sizeof(type), from); > - if (ret != sizeof(type)) > + if (ret != sizeof(type)) { > + ret = -EINVAL; > goto done; > + } > > switch (type) { > case VHOST_IOTLB_MSG:should this be EFAULT rather?> @@ -1044,8 +1046,10 @@ ssize_t vhost_chr_write_iter(struct vhost_dev *dev, > > iov_iter_advance(from, offset); > ret = copy_from_iter(&msg, sizeof(msg), from); > - if (ret != sizeof(msg)) > + if (ret != sizeof(msg)) { > + ret = -EINVAL; > goto done; > + } > if (vhost_process_iotlb_msg(dev, &msg)) { > ret = -EFAULT; > goto done;This too?> -- > 2.17.1
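Review bot: In the first hunk, the new `ret = -EINVAL;` under `if (ret != sizeof(type))` reports every short copy as a size mismatch, but a short return from `copy_from_iter()` can mean either that the iovec held fewer than `sizeof(type)` bytes or that the user buffer could not be read. Those are different errors for the caller. Consider checking the remaining length first, for example `if (iov_iter_count(from) < sizeof(type))` returning -EINVAL, and returning -EFAULT when the copy itself comes up short. That also settles the EINVAL versus EFAULT question raised in the reply.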
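Review bot: In the second hunk, the `if (ret != sizeof(msg))` branch has the same ambiguity between a too-short iovec and an unreadable buffer, and it sits right above the `vhost_process_iotlb_msg()` failure path that already returns -EFAULT, so the two codes should be chosen deliberately. Because the copy follows `iov_iter_advance(from, offset)`, a length check belongs after the advance and should compare the bytes still remaining against `sizeof(msg)`. A one-line comment stating that -EINVAL here means the iovec size does not match the message size would keep the distinction clear for later readers.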