search for: sg_num

...unsigned int in_num, > + struct virtio_pstore_res *res) > +{ > + char path[PATH_MAX]; Don't declare PATH_MAX sized variables > + int fd; > + ssize_t len; > + struct stat stbuf; > + struct dirent *dent; > + int sg_num = in_num; > + struct iovec sg[sg_num]; 'sg_num' is initialized from 'in_num' which comes from the guest, and I'm not seeing anything which is bounds-checking the 'in_num' value. So you've possibly got a security flaw here I think, if the guest can cause QEMU t...

...unsigned int in_num, > + struct virtio_pstore_res *res) > +{ > + char path[PATH_MAX]; Don't declare PATH_MAX sized variables > + int fd; > + ssize_t len; > + struct stat stbuf; > + struct dirent *dent; > + int sg_num = in_num; > + struct iovec sg[sg_num]; 'sg_num' is initialized from 'in_num' which comes from the guest, and I'm not seeing anything which is bounds-checking the 'in_num' value. So you've possibly got a security flaw here I think, if the guest can cause QEMU t...

...gt; > +{ > > + char path[PATH_MAX]; > > Don't declare PATH_MAX sized variables Will change to use g_strdup_printf() as you said. > > > + int fd; > > + ssize_t len; > > + struct stat stbuf; > > + struct dirent *dent; > > + int sg_num = in_num; > > + struct iovec sg[sg_num]; > > 'sg_num' is initialized from 'in_num' which comes from the > guest, and I'm not seeing anything which is bounds-checking > the 'in_num' value. So you've possibly got a security flaw here > I think,...

This is a subject that came up in the virtio BOF session at OLS. I decided to go forward and implement something that I like, based on the latest virtio proposal at the time, which was draft III. It's not a drop-in replacement, because it's missing a host implementation. I first started my own, which is not done yet, but wanted to do one for lguest and one for emulated PCI next. It's

This is a subject that came up in the virtio BOF session at OLS. I decided to go forward and implement something that I like, based on the latest virtio proposal at the time, which was draft III. It's not a drop-in replacement, because it's missing a host implementation. I first started my own, which is not done yet, but wanted to do one for lguest and one for emulated PCI next. It's

...store_fileinfo *info = &rarg->info; > + VirtIOPstore *vps = rarg->vps; > + VirtQueueElement *elem = rarg->elem; > + struct virtio_pstore_res res; > + size_t offset = sizeof(res) + sizeof(*info); > + struct iovec *sg = elem->in_sg; > + unsigned int sg_num = elem->in_num; > + Error *err = NULL; > + ssize_t len; > + int ret; > + > + /* skip res and fileinfo */ > + iov_discard_front(&sg, &sg_num, sizeof(res) + sizeof(*info)); > + > + len = qio_channel_readv(rarg->ioc, sg, sg_num, &err); > +...

...store_fileinfo *info = &rarg->info; > + VirtIOPstore *vps = rarg->vps; > + VirtQueueElement *elem = rarg->elem; > + struct virtio_pstore_res res; > + size_t offset = sizeof(res) + sizeof(*info); > + struct iovec *sg = elem->in_sg; > + unsigned int sg_num = elem->in_num; > + Error *err = NULL; > + ssize_t len; > + int ret; > + > + /* skip res and fileinfo */ > + iov_discard_front(&sg, &sg_num, sizeof(res) + sizeof(*info)); > + > + len = qio_channel_readv(rarg->ioc, sg, sg_num, &err); > +...

...g = data; + struct virtio_pstore_fileinfo *info = &rarg->info; + VirtIOPstore *vps = rarg->vps; + VirtQueueElement *elem = rarg->elem; + struct virtio_pstore_res res; + size_t offset = sizeof(res) + sizeof(*info); + struct iovec *sg = elem->in_sg; + unsigned int sg_num = elem->in_num; + Error *err = NULL; + ssize_t len; + int ret; + + /* skip res and fileinfo */ + iov_discard_front(&sg, &sg_num, sizeof(res) + sizeof(*info)); + + len = qio_channel_readv(rarg->ioc, sg, sg_num, &err); + if (len < 0) { + if (errno == E...

...rg->info; > > + VirtIOPstore *vps = rarg->vps; > > + VirtQueueElement *elem = rarg->elem; > > + struct virtio_pstore_res res; > > + size_t offset = sizeof(res) + sizeof(*info); > > + struct iovec *sg = elem->in_sg; > > + unsigned int sg_num = elem->in_num; > > + Error *err = NULL; > > + ssize_t len; > > + int ret; > > + > > + /* skip res and fileinfo */ > > + iov_discard_front(&sg, &sg_num, sizeof(res) + sizeof(*info)); > > + > > + len = qio_channel_readv(rar...

...pstore_do_read(VirtIOPstore *s, struct iovec *in_sg, + unsigned int in_num, + struct virtio_pstore_res *res) +{ + char path[PATH_MAX]; + int fd; + ssize_t len; + struct stat stbuf; + struct dirent *dent; + int sg_num = in_num; + struct iovec sg[sg_num]; + struct virtio_pstore_fileinfo info; + size_t offset = sizeof(*res) + sizeof(info); + + if (s->dirp == NULL) { + return -1; + } + + dent = readdir(s->dirp); + while (dent) { + if (dent->d_name[0] != '.') { +...

...VirtIOPstore *vps = rarg->vps; > > > + VirtQueueElement *elem = rarg->elem; > > > + struct virtio_pstore_res res; > > > + size_t offset = sizeof(res) + sizeof(*info); > > > + struct iovec *sg = elem->in_sg; > > > + unsigned int sg_num = elem->in_num; > > > + Error *err = NULL; > > > + ssize_t len; > > > + int ret; > > > + > > > + /* skip res and fileinfo */ > > > + iov_discard_front(&sg, &sg_num, sizeof(res) + sizeof(*info)); > > > + > &g...

Hello, This is v2 of the virtio-pstore work. In this patchset I addressed most of feedbacks from previous version. Limiting disk size is not implemented yet. * changes in v2) - update VIRTIO_ID_PSTORE to 22 (Cornelia, Stefan) - make buffer size configurable (Cornelia) - support PSTORE_TYPE_CONSOLE (Kees) - use separate virtqueues for read and write - support concurrent async

Hello, This is v2 of the virtio-pstore work. In this patchset I addressed most of feedbacks from previous version. Limiting disk size is not implemented yet. * changes in v2) - update VIRTIO_ID_PSTORE to 22 (Cornelia, Stefan) - make buffer size configurable (Cornelia) - support PSTORE_TYPE_CONSOLE (Kees) - use separate virtqueues for read and write - support concurrent async

...*in_sg, > + unsigned int in_num, > + struct virtio_pstore_res *res) > +{ > + char path[PATH_MAX]; > + int fd; > + ssize_t len; > + struct stat stbuf; > + struct dirent *dent; > + int sg_num = in_num; > + struct iovec sg[sg_num]; > + struct virtio_pstore_fileinfo info; > + size_t offset = sizeof(*res) + sizeof(info); > + > + if (s->dirp == NULL) { > + return -1; > + } > + > + dent = readdir(s->dirp); > + while (dent) { &gt...

...*in_sg, > + unsigned int in_num, > + struct virtio_pstore_res *res) > +{ > + char path[PATH_MAX]; > + int fd; > + ssize_t len; > + struct stat stbuf; > + struct dirent *dent; > + int sg_num = in_num; > + struct iovec sg[sg_num]; > + struct virtio_pstore_fileinfo info; > + size_t offset = sizeof(*res) + sizeof(info); > + > + if (s->dirp == NULL) { > + return -1; > + } > + > + dent = readdir(s->dirp); > + while (dent) { &gt...

Hello, This is another iteration of the virtio-pstore work. In this patchset I addressed most of feedbacks from previous version and drooped the support for PSTORE_TYPE_CONSOLE for simplicity. It'll be added once the basic implementation * changes in v3) - use QIOChannel API (Stefan, Daniel) - add bound check for malcious guests (Daniel) - drop support PSTORE_TYPE_CONSOLE for now

Hello, This is another iteration of the virtio-pstore work. In this patchset I addressed most of feedbacks from previous version and drooped the support for PSTORE_TYPE_CONSOLE for simplicity. It'll be added once the basic implementation * changes in v3) - use QIOChannel API (Stefan, Daniel) - add bound check for malcious guests (Daniel) - drop support PSTORE_TYPE_CONSOLE for now

Hello, This is another iteration of the virtio-pstore work. I've addressed all comments from Daniel Berrange on the qemu side. * changes in v4) - use qio_channel_file_new_path() (Daniel) - rename to delete_old_pstore_file (Daniel) - convert G_REMOVE_SOURCE to FALSE (Daniel) * changes in v3) - use QIOChannel API (Stefan, Daniel) - add bound check for malcious guests

Hello, This is another iteration of the virtio-pstore work. I've addressed all comments from Daniel Berrange on the qemu side. * changes in v4) - use qio_channel_file_new_path() (Daniel) - rename to delete_old_pstore_file (Daniel) - convert G_REMOVE_SOURCE to FALSE (Daniel) * changes in v3) - use QIOChannel API (Stefan, Daniel) - add bound check for malcious guests