[Qemu-devel] [PULL 01/40] target-ppc: Document TOCTTOU in hugepage support
From: Markus Armbruster
Subject: [Qemu-devel] [PULL 01/40] target-ppc: Document TOCTTOU in hugepage support
Date: Fri, 18 Mar 2016 18:00:48 +0100
The code to find the minimum page size is vulnerable to TOCTTOU.
Added in commit 2d103aa "target-ppc: fix hugepage support when using
memory-backend-file" (v2.4.0). Since I can't fix it myself right now,
add a FIXME comment.
Cc: Paolo Bonzini <address@hidden>
Cc: Michael Roth <address@hidden>
Signed-off-by: Markus Armbruster <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Marc-André Lureau <address@hidden>
---
target-ppc/kvm.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/target-ppc/kvm.c b/target-ppc/kvm.c
index 776336b..2fc9931 100644
--- a/target-ppc/kvm.c
+++ b/target-ppc/kvm.c
@@ -333,6 +333,12 @@ static long gethugepagesize(const char *mem_path)
return fs.f_bsize;
}
+/*
+ * FIXME TOCTTOU: this iterates over memory backends' mem-path, which
+ * may or may not name the same files / on the same filesystem now as
+ * when we actually open and map them. Iterate over the file
+ * descriptors instead, and use qemu_fd_getpagesize().
+ */
static int find_max_supported_pagesize(Object *obj, void *opaque)
{
char *mem_path;
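Review bot: The FIXME sits above find_max_supported_pagesize(), but the check it warns about is performed in gethugepagesize(const char *mem_path), whose `return fs.f_bsize;` is visible just above the hunk and reports the filesystem at mem_path at check time rather than the one backing the descriptor that is later opened and mapped; naming gethugepagesize() in this comment, or adding a one-line cross-reference above it, would keep the caveat next to the code that actually does the racy lookup. Citing the originating commit 2d103aa from the commit message inside the FIXME would also make the history findable from the source.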
--
2.4.3
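The check-then-use pattern the commit message and FIXME describe, side by side with the descriptor-bound lookup the FIXME asks for, as an added example that is not QEMU's code: the function names are hypothetical, pagesize_by_fd() only plays the role the FIXME assigns to qemu_fd_getpagesize(), the temp file is a constructed stand-in for a memory backend, and statfs/fstatfs are assumed to be the Linux ones.

```c
#include <stdlib.h>
#include <unistd.h>
#include <sys/vfs.h>      /* statfs/fstatfs: Linux-specific (assumption) */

/* Racy lookup: reports whatever is at `path` right now, which need not be
 * the file that is opened and mapped later (the TOCTTOU the FIXME names). */
long pagesize_by_path(const char *path)
{
    struct statfs fs;
    return statfs(path, &fs) < 0 ? -1 : (long)fs.f_bsize;
}

/* Safe lookup: bound to an open descriptor, so it describes exactly the
 * file that will be handed to mmap(). Plays the role the FIXME assigns to
 * qemu_fd_getpagesize(); it is a hypothetical stand-in, not QEMU's code. */
long pagesize_by_fd(int fd)
{
    struct statfs fs;
    return fstatfs(fd, &fs) < 0 ? -1 : (long)fs.f_bsize;
}

/* Minimum page size over already-open backend descriptors, the iteration
 * shape the FIXME asks for. Returns -1 on error or with no descriptors. */
long min_pagesize_over_fds(const int *fds, size_t n)
{
    long min = -1;
    for (size_t i = 0; i < n; i++) {
        long ps = pagesize_by_fd(fds[i]);
        if (ps < 0) return -1;
        if (min < 0 || ps < min) min = ps;
    }
    return min;
}

/* Constructed scenario: a temp file stands in for a memory backend. Once
 * the path is removed, the path-based answer is gone while the fd-based
 * one still describes the file we hold. Returns 0 when that is observed. */
int demo_fd_bound_lookup(void)
{
    char path[] = "/tmp/pgsz-demo-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return 1;
    long before = pagesize_by_path(path), by_fd = pagesize_by_fd(fd);
    unlink(path);
    int ok = before > 0 && before == by_fd &&
             pagesize_by_path(path) < 0 && pagesize_by_fd(fd) == by_fd;
    close(fd);
    return ok ? 0 : 2;
}

int main(void) { return demo_fd_bound_lookup(); }   /* 0 = fd-bound answer held */
```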