On Mon, Aug 16, 2021 at 09:42:40AM -0700, Elena Ufimtseva wrote:
> +int vfio_user_get_info(VFIODevice *vbasedev)
> +{
> +    VFIOUserDeviceInfo msg;
> +
> +    memset(&msg, 0, sizeof(msg));
> +    vfio_user_request_msg(&msg.hdr, VFIO_USER_DEVICE_GET_INFO, sizeof(msg), 
> 0);
> +    msg.argsz = sizeof(struct vfio_device_info);
> +
> +    vfio_user_send_recv(vbasedev->proxy, &msg.hdr, NULL, 0, 0);
> +    if (msg.hdr.flags & VFIO_USER_ERROR) {
> +        return -msg.hdr.error_reply;
> +    }
> +
> +    vbasedev->num_irqs = msg.num_irqs;
> +    vbasedev->num_regions = msg.num_regions;
> +    vbasedev->flags = msg.flags;
> +    vbasedev->reset_works = !!(msg.flags & VFIO_DEVICE_FLAGS_RESET);
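
Review bot: The values copied out of the reply are stored without any range check: `vbasedev->num_irqs = msg.num_irqs;` and `vbasedev->num_regions = msg.num_regions;` accept whatever the server sent, and `vbasedev->flags = msg.flags;` keeps bits the client does not know about. Suggest rejecting a reply whose counts exceed what the client can index and masking flags to the known set before storing them. Separately, the return value of `vfio_user_send_recv(vbasedev->proxy, &msg.hdr, NULL, 0, 0);` is ignored, so a transport failure that never sets VFIO_USER_ERROR leaves the zeroed msg to be treated as a valid answer (zero regions, zero IRQs, no flags); check it and return the error. It is also worth confirming that `msg.argsz = sizeof(struct vfio_device_info);` is the intended size given that the header is sent with `sizeof(msg)`.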

No input validation. I haven't checked what happens when num_irqs,
num_regions, or flags are bogus but it's a little concerning. Unlike
kernel VFIO, we do not trust these values.

Stefan
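The review above says the counts and flags in the reply are untrusted but does not show what checking them looks like. The following is an added illustration, not code from the QEMU vfio-user series: it mirrors only the four fields the quoted hunk reads, and the caps MAX_REGIONS and MAX_IRQS are assumed values chosen for the example, not limits taken from the patch or from VFIO.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same bit as VFIO_DEVICE_FLAGS_RESET in linux/vfio.h; the only flag
 * the quoted hunk interprets, so it is the only one accepted here. */
#define VFIO_DEVICE_FLAGS_RESET (1u << 0)
#define KNOWN_FLAGS             (VFIO_DEVICE_FLAGS_RESET)

/* Assumed caps for the example. A real client would derive these from
 * the region and IRQ index space it is actually prepared to handle. */
#define MAX_REGIONS 64u
#define MAX_IRQS    16u

/* Constructed mirror of the reply fields the hunk copies; this is not
 * QEMU's VFIOUserDeviceInfo and carries no message header. */
typedef struct {
    uint32_t argsz;
    uint32_t flags;
    uint32_t num_regions;
    uint32_t num_irqs;
} device_info_reply;

/* Constructed stand-in for the fields the hunk writes into VFIODevice. */
typedef struct {
    uint32_t num_irqs;
    uint32_t num_regions;
    uint32_t flags;
    bool     reset_works;
} device_state;

/* Validate a reply from an untrusted server before any of it is stored.
 * Returns 0 and fills *out on success; returns -EINVAL and leaves *out
 * untouched if any field is out of range or carries unknown flag bits. */
int validate_device_info(const device_info_reply *msg, device_state *out)
{
    if (msg->argsz < sizeof(*msg)) {
        return -EINVAL;             /* server claims a shorter struct than we read */
    }
    if (msg->num_regions > MAX_REGIONS || msg->num_irqs > MAX_IRQS) {
        return -EINVAL;             /* counts would later be used as array bounds */
    }
    if (msg->flags & ~KNOWN_FLAGS) {
        return -EINVAL;             /* reject bits this client cannot interpret */
    }

    /* Only now copy; every stored value has been checked. */
    out->num_irqs    = msg->num_irqs;
    out->num_regions = msg->num_regions;
    out->flags       = msg->flags;
    out->reset_works = !!(msg->flags & VFIO_DEVICE_FLAGS_RESET);
    return 0;
}

/* Constructed sample replies, so the checks can be exercised offline. */
int demo_accepts_sane_reply(device_state *st)
{
    device_info_reply good = {
        .argsz = sizeof(good), .flags = VFIO_DEVICE_FLAGS_RESET,
        .num_regions = 9, .num_irqs = 5,
    };
    return validate_device_info(&good, st);
}

int demo_rejects_oversized_counts(device_state *st)
{
    device_info_reply bad = {
        .argsz = sizeof(bad), .flags = 0,
        .num_regions = 0xffffffffu, .num_irqs = 5,
    };
    return validate_device_info(&bad, st);
}

int demo_rejects_unknown_flags(device_state *st)
{
    device_info_reply bad = {
        .argsz = sizeof(bad), .flags = 0x80000000u,
        .num_regions = 1, .num_irqs = 1,
    };
    return validate_device_info(&bad, st);
}

int main(void)
{
    device_state st;
    memset(&st, 0, sizeof(st));
    printf("sane reply:       %d\n", demo_accepts_sane_reply(&st));
    printf("oversized counts: %d\n", demo_rejects_oversized_counts(&st));
    printf("unknown flags:    %d\n", demo_rejects_unknown_flags(&st));
    return 0;
}
```

The point of ordering the checks before any assignment is that a rejected reply leaves the device state exactly as it was, so a caller that sees -EINVAL never has partially trusted counts sitting in the structure.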
