[Qemu-devel] [PATCH v3 01/40] target-ppc: Document TOCTTOU in hugepage s
From: Markus Armbruster
Subject: [Qemu-devel] [PATCH v3 01/40] target-ppc: Document TOCTTOU in hugepage support
Date: Tue, 15 Mar 2016 19:34:16 +0100

The code to find the minimum page size is vulnerable to TOCTTOU.
Added in commit 2d103aa "target-ppc: fix hugepage support when using
memory-backend-file" (v2.4.0). Since I can't fix it myself right now,
add a FIXME comment.
Cc: Paolo Bonzini <address@hidden>
Cc: Michael Roth <address@hidden>
Signed-off-by: Markus Armbruster <address@hidden>
---
target-ppc/kvm.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/target-ppc/kvm.c b/target-ppc/kvm.c
index d67c169..5be57a7 100644
--- a/target-ppc/kvm.c
+++ b/target-ppc/kvm.c
@@ -333,6 +333,12 @@ static long gethugepagesize(const char *mem_path)
return fs.f_bsize;
}
+/*
+ * FIXME TOCTTOU: this iterates over memory backends' mem-path, which
+ * may or may not name the same files / on the same filesystem now as
+ * when we actually open and map them. Iterate over the file
+ * descriptors instead, and use qemu_fd_getpagesize().
+ */
static int find_max_supported_pagesize(Object *obj, void *opaque)
{
char *mem_path;
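Review bot: The FIXME is attached to find_max_supported_pagesize(), while the commit message describes "the code to find the minimum page size"; please reconcile the two, or add a word in the comment on how this callback feeds the minimum, so a reader can match the comment to the code it describes. The comment also points to qemu_fd_getpagesize() as the replacement, but nothing in this hunk shows where that function comes from; if a later patch in the series introduces it, say so. It would also help to state what goes wrong when mem-path resolves differently between this check and the later open and map, so whoever picks up the FIXME can judge its priority.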
--
2.4.3
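
The difference the FIXME describes, as an added example that is not part of the patch or of QEMU: a path-based `statfs()` next to an `fstatfs()` on the descriptor that is actually held, run against a constructed swap of the path. All function names and the `/tmp` scratch directory are assumptions of this example; it assumes Linux and does not reproduce `qemu_fd_getpagesize()`.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/vfs.h>
#include <unistd.h>

/* Added example, not QEMU code. Racy: the path may name another file by open(). */
static long blocksize_by_path(const char *path)
{
    struct statfs fs;
    return statfs(path, &fs) ? -1 : (long)fs.f_bsize;
}

/* Race-free: asks about the very object that will be mapped. */
static long blocksize_by_fd(int fd)
{
    struct statfs fs;
    return fstatfs(fd, &fs) ? -1 : (long)fs.f_bsize;
}

/* 1 if path currently names the file behind fd (same device and inode). */
static int path_names_fd(const char *path, int fd)
{
    struct stat p, f;
    return !stat(path, &p) && !fstat(fd, &f) && p.st_dev == f.st_dev && p.st_ino == f.st_ino;
}

/* Constructed scenario: rename another file over an opened backing file's path.
 * Bits: 0 path==fd before, 1 path==fd after, 2 fd query ok, 3 path query ok. */
static int demo_swap(void)
{
    char dir[] = "/tmp/tocttou-XXXXXX", a[64], b[64];
    int fd, fd2, r;
    if (!mkdtemp(dir)) return -1;
    snprintf(a, sizeof a, "%s/backing", dir);
    snprintf(b, sizeof b, "%s/other", dir);
    fd = open(a, O_CREAT | O_RDWR, 0600);
    fd2 = open(b, O_CREAT | O_RDWR, 0600);
    if (fd < 0 || fd2 < 0) return -1;
    r = path_names_fd(a, fd);
    if (rename(b, a)) return -1;           /* path now names another file */
    r |= path_names_fd(a, fd) << 1;
    r |= (blocksize_by_fd(fd) > 0) << 2;
    r |= (blocksize_by_path(a) > 0) << 3;  /* answers, but about the wrong file */
    close(fd); close(fd2); unlink(a); rmdir(dir);
    return r;
}

int main(void) { printf("result bits: %d\n", demo_swap()); return 0; }
```

After the swap the path query still succeeds without any error, which is why a check made by name gives no sign that it described a different file than the one mapped.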