OpenE2K/qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity

io/channel-socket: qio_channel_socket_flush(): improve msg validation

Browse Source 
For SO_EE_ORIGIN_ZEROCOPY the 32-bit notification range is encoded
as [ee_info, ee_data] inclusively, so ee_info should be less or
equal to ee_data.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Reviewed-by: Maksim Davydov <davydov-max@yandex-team.ru>
Message-id: 20231017125941.810461-7-vsementsov@yandex-team.ru
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
Vladimir Sementsov-Ogievskiy 2023-11-06 15:00:28 +00:00 committed by Peter Maydell
parent 59a3aff685
commit 35bafa95da
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
io/channel-socket.c
View File

@ -782,6 +782,11 @@ static int qio_channel_socket_flush(QIOChannel *ioc,
"Error not from zero copy");
return -1;
}
if (serr->ee_data < serr->ee_info) {
error_setg_errno(errp, serr->ee_origin,
"Wrong notification bounds");
return -1;
}
/* No errors, count successfully finished sendmsg()*/
sioc->zero_copy_sent += serr->ee_data - serr->ee_info + 1;