On Mon, Aug 30, 2021 at 03:11:39AM +0000, John Johnson wrote: > > > > On Aug 24, 2021, at 9:04 AM, Stefan Hajnoczi <stefa...@redhat.com> wrote: > > > > On Mon, Aug 16, 2021 at 09:42:40AM -0700, Elena Ufimtseva wrote: > >> +int vfio_user_get_info(VFIODevice *vbasedev) > >> +{ > >> + VFIOUserDeviceInfo msg; > >> + > >> + memset(&msg, 0, sizeof(msg)); > >> + vfio_user_request_msg(&msg.hdr, VFIO_USER_DEVICE_GET_INFO, > >> sizeof(msg), 0); > >> + msg.argsz = sizeof(struct vfio_device_info); > >> + > >> + vfio_user_send_recv(vbasedev->proxy, &msg.hdr, NULL, 0, 0); > >> + if (msg.hdr.flags & VFIO_USER_ERROR) { > >> + return -msg.hdr.error_reply; > >> + } > >> + > >> + vbasedev->num_irqs = msg.num_irqs; > >> + vbasedev->num_regions = msg.num_regions; > >> + vbasedev->flags = msg.flags; > >> + vbasedev->reset_works = !!(msg.flags & VFIO_DEVICE_FLAGS_RESET); > > > > No input validation. I haven't checked what happens when num_irqs, > > num_regions, or flags are bogus but it's a little concerning. Unlike > > kernel VFIO, we do not trust these values. > > > > As in the last reply, vfio-user doesn’t know valid values > from invalid, so I need to re-work this so the PCI-specific code that > calls vfio-user_get_info() can test for invalid values.
Sounds good. I won't look further for missing input validation in the VFIO message contents in this revision of the patch series. Once you're happy with input validation I'll look at the code from this angle again. Stefan
signature.asc
Description: PGP signature