Stop vhost-user sending uninitialized mmap_offsets
authorRaphael Norwitz <raphael.norwitz@nutanix.com>
Mon, 22 Jun 2020 23:50:44 +0000 (23:50 +0000)
committerMichael S. Tsirkin <mst@redhat.com>
Wed, 24 Jun 2020 21:18:28 +0000 (17:18 -0400)
commit8d19371593dedda64622bbcec8f81d8d8cee5e76
treee93679cc8ad8068387c167a1a88ca3ae2bd5e6e3
parent56172c4ccdbbfae3aded3baecd6148935fac39a9
Stop vhost-user sending uninitialized mmap_offsets

Prior to this change, the vhost_user_fill_msg_region function filled out
all elements of the VhostUserMemoryRegion struct except the mmap_offset.

This function is often called on uninitialized structs, which are then
copied into VHOST_USER_SET_MEM_TABLE and VHOST_USER_ADD/REM_MEM_REG
messages. In some cases, where the mmap_offset was not needed, it was
left uninitialized, causing QEMU to send the backend uninitialized data,
which Coverity flagged as a series of issues.

This change augments the vhost_user_fill_msg_region API, adding a
mmap_offset parameter, forcing the caller to initialize mmap_offset.

Fixes: ece99091c2d0aeb23734289a50ef2ff4e0a08929
Fixes: f1aeb14b0809e313c74244d838645ed25e85ea63
Reported-by: Coverity (CIDs 1429802, 1429803 and 1429804)
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Message-Id: <1592650156-25845-1-git-send-email-raphael.norwitz@nutanix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
hw/virtio/vhost-user.c
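The pattern this commit fixes, shown as an added illustration that is not QEMU's code: a fill helper that writes every field of a wire struct except one, so whatever the caller's uninitialized struct held goes out in the message, beside the hardened shape where the caller must supply that field. The struct layout (four u64 fields with the vhost-user names), the MemRegion stand-in, the function names fill_region_before/fill_region_after and the 0xAA poison used to make stale memory observable deterministically are all assumptions of this example.

```c
#include <stdint.h>
#include <string.h>
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of a vhost-user memory region on the wire: four u64
 * fields. Illustrative copy for this example, not QEMU's definition. */
typedef struct {
    uint64_t guest_phys_addr;
    uint64_t memory_size;
    uint64_t userspace_addr;
    uint64_t mmap_offset;
} VhostUserMemoryRegion;

/* Hypothetical stand-in for the per-region metadata the caller holds. */
typedef struct {
    uint64_t gpa;
    uint64_t size;
    uint64_t hva;
} MemRegion;

/* Byte pattern used to stand in for stale stack contents (assumption). */
#define POISON 0xAAu

/* "Before": fills every field except mmap_offset. A caller that did not
 * initialise the struct sends whatever was already in that field. */
static void fill_region_before(VhostUserMemoryRegion *dst, const MemRegion *src)
{
    dst->guest_phys_addr = src->gpa;
    dst->memory_size = src->size;
    dst->userspace_addr = src->hva;
    /* mmap_offset deliberately left untouched */
}

/* "After": mmap_offset is a parameter, so every field is always written
 * and the caller cannot forget it. */
static void fill_region_after(VhostUserMemoryRegion *dst, const MemRegion *src,
                              uint64_t mmap_offset)
{
    dst->guest_phys_addr = src->gpa;
    dst->memory_size = src->size;
    dst->userspace_addr = src->hva;
    dst->mmap_offset = mmap_offset;
}

/* Serialises the region exactly as it would be copied into a message and
 * reports whether any byte still carries the poison, i.e. a field that was
 * never initialised before the copy. */
static bool region_leaks_poison(const VhostUserMemoryRegion *r)
{
    unsigned char wire[sizeof(*r)];
    memcpy(wire, r, sizeof(wire));
    for (size_t i = 0; i < sizeof(wire); i++)
        if (wire[i] == POISON)
            return true;
    return false;
}

/* Runs the scenario with the old or the fixed helper and returns true if
 * uninitialised bytes would have reached the backend. */
static bool send_region_leaks(bool use_fix)
{
    VhostUserMemoryRegion msg;
    MemRegion reg = { .gpa = 0x100000000ull,
                      .size = 0x40000000ull,
                      .hva = 0x7f0000000000ull };

    /* Simulate a struct declared without an initialiser: instead of relying
     * on real undefined behaviour, fill it with a recognisable pattern. */
    memset(&msg, POISON, sizeof(msg));

    if (use_fix)
        fill_region_after(&msg, &reg, 0);
    else
        fill_region_before(&msg, &reg);

    return region_leaks_poison(&msg);
}

int main(void)
{
    printf("before fix: leaks uninitialised bytes = %d\n", send_region_leaks(false));
    printf("after fix:  leaks uninitialised bytes = %d\n", send_region_leaks(true));
    return 0;
}
```

The poison check is the runtime analogue of what Coverity reported statically: any byte of the serialized struct that was never assigned shows up as 0xAA, and only the helper that takes mmap_offset as a parameter produces a fully initialised message regardless of what the caller's struct contained beforehand.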