From patchwork Sun Jun 19 09:44:35 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Aneesh Kumar K.V" X-Patchwork-Id: 894442
From: "Aneesh Kumar K.V" To: penberg@kernel.org, levinsasha928@gmail.com Cc: kvm@vger.kernel.org, "Aneesh Kumar K.V" Subject: [PATCH] tools/kvm/9p: check the iov count with the read/write count Date: Sun, 19 Jun 2011 15:14:35 +0530 Message-Id: <1308476675-11299-1-git-send-email-aneesh.kumar@linux.vnet.ibm.com> X-Mailer: git-send-email 1.7.4.1 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.2.6 (demeter1.kernel.org [140.211.167.41]); Sun, 19 Jun 2011 09:44:51 +0000 (UTC) Make sure we don't read/write more than what is requested from client. Signed-off-by: Aneesh Kumar K.V --- I am not sure whether we really need this. But seems to be a good check to make sure we don't read/write more tools/kvm/virtio/9p.c | 21 +++++++++++++++++++++ 1 files changed, 21 insertions(+), 0 deletions(-) diff --git a/tools/kvm/virtio/9p.c b/tools/kvm/virtio/9p.c index ba5dd7c..558a713 100644 --- a/tools/kvm/virtio/9p.c +++ b/tools/kvm/virtio/9p.c @@ -193,6 +193,22 @@ static void set_p9msg_hdr(struct p9_msg *msg, u32 size, u8 cmd, u16 tag) }; } +static u16 virtio_p9_update_iov_cnt(struct iovec iov[], u32 count, int iov_cnt) +{ + int i; + u32 total = 0; + for (i = 0; (i < iov_cnt) && (total < count); i++) { + if (total + iov[i].iov_len > count) { + /* we don't need this iov fully */ + iov[i].iov_len -= ((total + iov[i].iov_len) - count); + i++; + break; + } + total += iov[i].iov_len; + } + return i; +} + static bool virtio_p9_version(struct p9_dev *p9dev, struct p9_pdu *pdu, u32 *outlen) { 
@@ -444,6 +460,9 @@ static bool virtio_p9_read(struct p9_dev *p9dev, } else { pdu->in_iov[0].iov_base += VIRTIO_P9_HDR_LEN + sizeof(u32); pdu->in_iov[0].iov_len -= VIRTIO_P9_HDR_LEN + sizeof(u32); + pdu->in_iov_cnt = virtio_p9_update_iov_cnt(pdu->in_iov, + tread->count, + pdu->in_iov_cnt); rread->count = preadv(fid->fd, pdu->in_iov, pdu->in_iov_cnt, tread->offset); if (rread->count > tread->count) @@ -548,6 +567,8 @@ static bool virtio_p9_write(struct p9_dev *p9dev, pdu->out_iov[0].iov_base += (sizeof(*outmsg) + sizeof(*twrite)); pdu->out_iov[0].iov_len -= (sizeof(*outmsg) + sizeof(*twrite)); + pdu->out_iov_cnt = virtio_p9_update_iov_cnt(pdu->out_iov, twrite->count, + pdu->out_iov_cnt); rwrite->count = pwritev(fid->fd, pdu->out_iov, pdu->out_iov_cnt, twrite->offset); *outlen = VIRTIO_P9_HDR_LEN + sizeof(u32);
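
Review bot: in the first hunk (virtio_p9_update_iov_cnt), the test total + iov[i].iov_len > count can wrap on a build where size_t is 32 bits, because total is u32 and iov_len is size_t; a very large iov_len then makes the sum small, the entry is not trimmed, and the clamp is skipped. The loop condition already guarantees total < count inside the body, so the comparison can be written without the addition as iov[i].iov_len > count - total, and the trim reduces to iov[i].iov_len = count - total, which is also easier to read than the current subtraction. Two smaller points in the same function: it returns u16 while i and iov_cnt are int, so pick one type for the count, and a blank line after the declarations plus a short comment saying the function shortens the iov array in place would help the callers' readers.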
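
Review bot: in the virtio_p9_read hunk, once in_iov is clamped to tread->count before preadv(), the context check if (rread->count > tread->count) that follows can no longer trigger for an over-long read and is left covering only whatever a failed preadv() stores in rread->count. It would be clearer to take the preadv() result in a signed local, handle a negative return explicitly, and only then assign rread->count. On the question in the commit note about whether this is needed: for the read path the clamp is the part that keeps preadv() from filling buffers past the requested count in the first place, whereas the existing comparison only notices afterwards, so it is worth saying that in the commit message.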
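
Review bot: in the virtio_p9_write hunk, the pwritev() result is still assigned straight to rwrite->count after the new clamp, and unlike the read path no check on it is visible here, so a -1 return would go back to the client as a count rather than as an error. Suggest checking the return value before filling in rwrite->count. Style: the continuation of the virtio_p9_update_iov_cnt() call is wrapped differently from the one added in virtio_p9_read (two arguments on the first line here, one per line there); please make the two call sites match.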