Page MenuHomeFreeBSD

bhyve: Avoid unlikely truncation of the blockif ident strings.
ClosedPublic

Authored by jhb on Wed, Nov 23, 11:16 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Nov 30, 5:26 AM
Unknown Object (File)
Tue, Nov 29, 1:11 AM

Details

Summary

The ident string for NVMe and VirtIO block deivces do not contain the
bus, and the various fields can potentially use up to three characters
when printed as unsigned values (full range of uint8_t) even if not
likely in practice.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

jhb requested review of this revision.Wed, Nov 23, 11:16 PM
This revision is now accepted and ready to land.Thu, Nov 24, 6:35 AM

GCC still warns about a potential overflow after this, but I think GCC's overflow checking has an off by one error.

usr.sbin/bhyve/pci_nvme.c
3229

Have you tried using %u? Maybe gcc warns due to the possible minus sign of signed integers?

LGTM but I'm also curious if @corvink suggestion of %u helps

Yes, %u helps, and there's actually similar bugs in ahci and virtio_blk so I'll update the review to fix all of those.

jhb retitled this revision from bhyve: Avoid unlikely truncation of the blockif ident for NVMe. to bhyve: Avoid unlikely truncation of the blockif ident strings..Sun, Nov 27, 12:19 AM
jhb edited the summary of this revision. (Show Details)

Use %u, add ahci and virtio-blk

This revision now requires review to proceed.Sun, Nov 27, 12:20 AM
This revision is now accepted and ready to land.Sun, Nov 27, 8:01 AM