Differential D18465

Several iov handling bugs in bhyve virtio-scsi backend
ClosedPublic
Actions

Authored by mav on Dec 6 2018, 10:24 PM.

Tags

None

Referenced Files

	F133098782: D18465.id51690.diff
	Wed, Oct 22, 11:22 PM

	F133098774: D18465.id51737.diff
	Wed, Oct 22, 11:22 PM

	F133098768: D18465.id.diff
	Wed, Oct 22, 11:22 PM

	Unknown Object (File)
	Wed, Oct 22, 2:45 PM

	Unknown Object (File)
	Sat, Oct 18, 3:06 AM

	Unknown Object (File)
	Sat, Oct 18, 2:19 AM

	Unknown Object (File)
	Sat, Oct 11, 2:45 AM

	Unknown Object (File)
	Sun, Oct 5, 1:43 AM

View All 92 Files

Subscribers

Details

Reviewers

araujo
rgrimes

Group Reviewers

Commits

rS341705: Fix several iov handling bugs in bhyve virtio-scsi backend.

Summary

buf_to_iov() does not use buflen parameter, allowing out of bound read.
buf_to_iov() leaks memory if seek argument > 0.
iov_to_buf() doesn't need to reallocate buffer for every segment.
there is no point to use size_t for iov counts, int is more then enough.
some iov function arguments can be constified.
pci_vtscsi_request_handle() used truncate_iov() incorrectly, allowing getting out of buffer and possibly corrupting data.
pci_vtscsi_controlq_notify() written returned status at wrong offset.
pci_vtscsi_controlq_notify() leaked one buffer per event.

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

mav created this revision.Dec 6 2018, 10:24 PM

Herald added a reviewer: rgrimes. · View Herald TranscriptDec 6 2018, 10:24 PM

Herald added a subscriber: imp. · View Herald Transcript

Harbormaster completed remote builds in B21414: Diff 51690.Dec 6 2018, 10:24 PM

araujo edited reviewers, added: bhyve; removed: wg.Dec 7 2018, 4:59 AM

araujo added a subscriber: wg.

mav edited the summary of this revision. (Show Details)Dec 7 2018, 2:48 PM

Lgtm!

This revision is now accepted and ready to land.Dec 7 2018, 7:25 PM

Closed by commit rS341705: Fix several iov handling bugs in bhyve virtio-scsi backend. (authored by mav). · Explain WhyDec 7 2018, 8:31 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

head/

usr.sbin/

bhyve/

13 lines

57 lines

pci_virtio_scsi.c

10 lines

Diff 51737

head/usr.sbin/bhyve/iov.h

Loading...

head/usr.sbin/bhyve/iov.c

Loading...

head/usr.sbin/bhyve/pci_virtio_scsi.c

Loading...