Hi On Tue, Mar 15, 2016 at 7:34 PM, Markus Armbruster <arm...@redhat.com> wrote: > The code to find the minimum page size is is vulnerable to TOCTTOU. > Added in commit 2d103aa "target-ppc: fix hugepage support when using > memory-backend-file" (v2.4.0). Since I can't fix it myself right now, > add a FIXME comment. > > Cc: Paolo Bonzini <pbonz...@redhat.com> > Cc: Michael Roth <mdr...@linux.vnet.ibm.com> > Signed-off-by: Markus Armbruster <arm...@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lur...@redhat.com> > --- > target-ppc/kvm.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/target-ppc/kvm.c b/target-ppc/kvm.c > index d67c169..5be57a7 100644 > --- a/target-ppc/kvm.c > +++ b/target-ppc/kvm.c > @@ -333,6 +333,12 @@ static long gethugepagesize(const char *mem_path) > return fs.f_bsize; > } > > +/* > + * FIXME TOCTTOU: this iterates over memory backends' mem-path, which > + * may or may not name the same files / on the same filesystem now as > + * when we actually open and map them. Iterate over the file > + * descriptors instead, and use qemu_fd_getpagesize(). > + */ > static int find_max_supported_pagesize(Object *obj, void *opaque) > { > char *mem_path; > -- > 2.4.3 > > -- Marc-André Lureau
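Review bot: The FIXME is anchored at find_max_supported_pagesize(), but the path-based lookup it warns about is gethugepagesize(const char *mem_path), the helper visible just above the hunk that resolves a path and returns fs.f_bsize; a one-line pointer in that helper's comment (or placing the FIXME there) would stop someone "fixing" the caller while leaving the path-based helper in use. Since the comment already names qemu_fd_getpagesize() as the intended replacement, it would also help the eventual fixer to state explicitly that the race window is between the mem-path lookup here and the later open/mmap of the backend, so the safe ordering (open the backend first, then query the page size through its descriptor) is clear from the comment alone.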