Compare commits

..

4 Commits

Author SHA1 Message Date
dependabot[bot]
e99540e5e9 build: Bump serde_json from 1.0.114 to 1.0.115 in /fuzz
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.114 to 1.0.115.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.114...v1.0.115)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-05 00:05:39 +00:00
Wei Liu
101cfb9650 virtio-devices: fs: cap the tag copy length
The caller shouldn't pass in an &str that's too long. This is a
precaution if something goes wrong in the caller.

Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-04-04 20:42:36 +00:00
Wei Liu
11c593e3b9 virtio-devices: fs: avoid unnecessary string allocation
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-04-04 20:42:36 +00:00
Wei Liu
f3b0f59646 vmm: validate virtio-fs tag length
Signed-off-by: Wei Liu <liuwe@microsoft.com>
2024-04-04 20:42:36 +00:00
3 changed files with 22 additions and 6 deletions

4
fuzz/Cargo.lock generated
View File

@ -720,9 +720,9 @@ dependencies = [
[[package]] [[package]]
name = "serde_json" name = "serde_json"
version = "1.0.114" version = "1.0.115"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c5f09b1bd632ef549eaa9f60a1f8de742bdbc698e6cee2095fc84dde5f549ae0" checksum = "12dc5c46daa8e9fdf4f5e71b6cf9a53f2487da0e86e55808e2d35539666497dd"
dependencies = [ dependencies = [
"itoa", "itoa",
"ryu", "ryu",

View File

@ -271,17 +271,18 @@ impl VhostUserFrontendReqHandler for BackendReqHandler {
} }
} }
pub const VIRTIO_FS_TAG_LEN: usize = 36;
#[derive(Copy, Clone, Versionize)] #[derive(Copy, Clone, Versionize)]
#[repr(C, packed)] #[repr(C, packed)]
pub struct VirtioFsConfig { pub struct VirtioFsConfig {
pub tag: [u8; 36], pub tag: [u8; VIRTIO_FS_TAG_LEN],
pub num_request_queues: u32, pub num_request_queues: u32,
} }
impl Default for VirtioFsConfig { impl Default for VirtioFsConfig {
fn default() -> Self { fn default() -> Self {
VirtioFsConfig { VirtioFsConfig {
tag: [0; 36], tag: [0; VIRTIO_FS_TAG_LEN],
num_request_queues: 0, num_request_queues: 0,
} }
} }
@ -397,8 +398,13 @@ impl Fs {
// Create virtio-fs device configuration. // Create virtio-fs device configuration.
let mut config = VirtioFsConfig::default(); let mut config = VirtioFsConfig::default();
let tag_bytes_vec = tag.to_string().into_bytes(); let tag_bytes_slice = tag.as_bytes();
config.tag[..tag_bytes_vec.len()].copy_from_slice(tag_bytes_vec.as_slice()); let len = if tag_bytes_slice.len() < config.tag.len() {
tag_bytes_slice.len()
} else {
config.tag.len()
};
config.tag[..len].copy_from_slice(tag_bytes_slice[..len].as_ref());
config.num_request_queues = req_num_queues as u32; config.num_request_queues = req_num_queues as u32;
( (

View File

@ -24,6 +24,8 @@ const MAX_NUM_PCI_SEGMENTS: u16 = 96;
pub enum Error { pub enum Error {
/// Filesystem tag is missing /// Filesystem tag is missing
ParseFsTagMissing, ParseFsTagMissing,
/// Filesystem tag is too long
ParseFsTagTooLong,
/// Filesystem socket is missing /// Filesystem socket is missing
ParseFsSockMissing, ParseFsSockMissing,
/// Missing persistent memory file parameter. /// Missing persistent memory file parameter.
@ -355,6 +357,11 @@ impl fmt::Display for Error {
ParseFileSystem(o) => write!(f, "Error parsing --fs: {o}"), ParseFileSystem(o) => write!(f, "Error parsing --fs: {o}"),
ParseFsSockMissing => write!(f, "Error parsing --fs: socket missing"), ParseFsSockMissing => write!(f, "Error parsing --fs: socket missing"),
ParseFsTagMissing => write!(f, "Error parsing --fs: tag missing"), ParseFsTagMissing => write!(f, "Error parsing --fs: tag missing"),
ParseFsTagTooLong => write!(
f,
"Error parsing --fs: max tag length is {}",
virtio_devices::vhost_user::VIRTIO_FS_TAG_LEN
),
ParsePersistentMemory(o) => write!(f, "Error parsing --pmem: {o}"), ParsePersistentMemory(o) => write!(f, "Error parsing --pmem: {o}"),
ParsePmemFileMissing => write!(f, "Error parsing --pmem: file missing"), ParsePmemFileMissing => write!(f, "Error parsing --pmem: file missing"),
ParseVsock(o) => write!(f, "Error parsing --vsock: {o}"), ParseVsock(o) => write!(f, "Error parsing --vsock: {o}"),
@ -1519,6 +1526,9 @@ impl FsConfig {
parser.parse(fs).map_err(Error::ParseFileSystem)?; parser.parse(fs).map_err(Error::ParseFileSystem)?;
let tag = parser.get("tag").ok_or(Error::ParseFsTagMissing)?; let tag = parser.get("tag").ok_or(Error::ParseFsTagMissing)?;
if tag.len() > virtio_devices::vhost_user::VIRTIO_FS_TAG_LEN {
return Err(Error::ParseFsTagTooLong);
}
let socket = PathBuf::from(parser.get("socket").ok_or(Error::ParseFsSockMissing)?); let socket = PathBuf::from(parser.get("socket").ok_or(Error::ParseFsSockMissing)?);
let queue_size = parser let queue_size = parser