From patchwork Thu Aug 24 16:57:40 2023
X-Patchwork-Submitter: Peter Maydell
X-Patchwork-Id: 716567
From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: qemu-block@nongnu.org, Hanna Reitz, Kevin Wolf, Stefan Hajnoczi
Subject: [PATCH] hw/block/dataplane/virtio-block: Avoid dynamic stack allocation
Date: Thu, 24 Aug 2023 17:57:40 +0100
Message-Id: <20230824165740.2653919-1-peter.maydell@linaro.org>

Instead of using a variable length array in notify_guest_bh(), always use a fixed sized bitmap (this will be 128 bytes). This means we need to avoid assuming that bitmap and the s->batch_notify_vqs bitmap are the same size; the neatest way to do this is to switch to using bitmap.h APIs to declare, copy and clear, because then we can specify the length in bits, exactly as we did when creating s->batch_notify_vqs with bitmap_new().

The codebase has very few VLAs, and if we can get rid of them all we can make the compiler error on new additions. This is a defensive measure against security bugs where an on-stack dynamic allocation isn't correctly size-checked (e.g. CVE-2021-3527).
Signed-off-by: Peter Maydell Reviewed-by: Stefan Hajnoczi --- In discussion on Philippe's attempt at getting rid of this VLA: https://patchew.org/QEMU/20210505211047.1496765-1-philmd@redhat.com/20210505211047.1496765-7-philmd@redhat.com/ Stefan suggested getting rid of the local bitmap array entirely. But I don't know this code at all and have no idea of the implications (presumably there is a reason we have the local array rather than iterating directly on batch_notify_vqs), so I have opted for the more minimal change. Usual disclaimer: tested only with "make check" and "make check-avocado". --- hw/block/dataplane/virtio-blk.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/hw/block/dataplane/virtio-blk.c b/hw/block/dataplane/virtio-blk.c index da36fcfd0b5..f31ec79d0b2 100644 --- a/hw/block/dataplane/virtio-blk.c +++ b/hw/block/dataplane/virtio-blk.c @@ -59,11 +59,16 @@ static void notify_guest_bh(void *opaque) { VirtIOBlockDataPlane *s = opaque; unsigned nvqs = s->conf->num_queues; - unsigned long bitmap[BITS_TO_LONGS(nvqs)]; + DECLARE_BITMAP(bitmap, VIRTIO_QUEUE_MAX); unsigned j; - memcpy(bitmap, s->batch_notify_vqs, sizeof(bitmap)); - memset(s->batch_notify_vqs, 0, sizeof(bitmap)); + /* + * Note that our local 'bitmap' is declared at a fixed + * worst case size, but s->batch_notify_vqs has only + * nvqs bits in it. + */ + bitmap_copy(bitmap, s->batch_notify_vqs, nvqs); + bitmap_zero(s->batch_notify_vqs, nvqs); for (j = 0; j < nvqs; j += BITS_PER_LONG) { unsigned long bits = bitmap[j / BITS_PER_LONG];
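Review bot: The fixed-size local is only in bounds if s->conf->num_queues can never exceed VIRTIO_QUEUE_MAX, and nothing in this hunk enforces that: for a larger nvqs, bitmap_copy(bitmap, s->batch_notify_vqs, nvqs) would write past the 128-byte local. Given the stated goal of defending against unchecked sizes, consider an assert(nvqs <= VIRTIO_QUEUE_MAX) next to the DECLARE_BITMAP, or extend the comment to say where num_queues is validated, so the invariant the fixed size relies on is visible at the point of use. The switch to bit-length APIs itself is right: sizeof(bitmap) is now 128 bytes regardless of nvqs, so keeping the old memcpy/memset would over-read and over-write the bitmap_new(nvqs) allocation, whereas bitmap_copy/bitmap_zero with nvqs touch only BITS_TO_LONGS(nvqs) longs, as the original VLA code did.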
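The size mismatch the commit message describes (a fixed worst-case local bitmap copied from a heap bitmap that holds only nvqs bits), as an added stand-alone C example that is not QEMU's code: the bitmap.h helpers, the dataplane struct and the notify loop are simplified stand-ins, and QUEUE_MAX is assumed to be 1024, which matches the 128-byte figure on a 64-bit host.

```c
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins for QEMU's bitmap.h (assumed here, not QEMU's code). */
#define BITS_PER_LONG    (sizeof(unsigned long) * CHAR_BIT)
#define BITS_TO_LONGS(n) (((n) + BITS_PER_LONG - 1) / BITS_PER_LONG)
#define DECLARE_BITMAP(name, bits) unsigned long name[BITS_TO_LONGS(bits)]
#define QUEUE_MAX 1024   /* stand-in for VIRTIO_QUEUE_MAX: 1024 bits = 128 bytes */

/* Lengths are in bits; only BITS_TO_LONGS(nbits) longs are read or written. */
static void bitmap_copy(unsigned long *dst, const unsigned long *src, unsigned nbits)
{ memcpy(dst, src, BITS_TO_LONGS(nbits) * sizeof(unsigned long)); }
static void bitmap_zero(unsigned long *dst, unsigned nbits)
{ memset(dst, 0, BITS_TO_LONGS(nbits) * sizeof(unsigned long)); }

struct dataplane {
    unsigned nvqs;
    unsigned long *batch_notify_vqs;   /* heap bitmap of exactly nvqs bits */
};

/* Like bitmap_new(nvqs): the heap bitmap is sized to the configured queue count. */
static struct dataplane *dataplane_new(unsigned nvqs)
{
    struct dataplane *s = calloc(1, sizeof(*s));
    s->nvqs = nvqs;
    s->batch_notify_vqs = calloc(BITS_TO_LONGS(nvqs), sizeof(unsigned long));
    return s;
}
static void mark_queue(struct dataplane *s, unsigned q)
{ s->batch_notify_vqs[q / BITS_PER_LONG] |= 1UL << (q % BITS_PER_LONG); }

/* Mirrors the patched notify_guest_bh(): fixed-size local, sizes given in bits.
 * Stores the queue indexes to notify in out[] and returns the count, or -1 when
 * nvqs exceeds the local's capacity (where a sizeof()-based copy would overrun). */
static int notify_guest(struct dataplane *s, unsigned *out, unsigned cap)
{
    DECLARE_BITMAP(bitmap, QUEUE_MAX);   /* 128 bytes on 64-bit, never a VLA */
    unsigned nvqs = s->nvqs, n = 0;
    if (nvqs > QUEUE_MAX) { return -1; }
    bitmap_copy(bitmap, s->batch_notify_vqs, nvqs);   /* not sizeof(bitmap) */
    bitmap_zero(s->batch_notify_vqs, nvqs);
    for (unsigned j = 0; j < nvqs; j += BITS_PER_LONG) {
        unsigned long bits = bitmap[j / BITS_PER_LONG];
        for (unsigned b = 0; b < BITS_PER_LONG && j + b < nvqs; b++) {
            if ((bits & (1UL << b)) && n < cap) { out[n++] = j + b; }
        }
    }
    return (int)n;
}
```

With 70 queues the heap bitmap is two longs on a 64-bit host while the local is sixteen; copying and clearing by nvqs bits keeps every access inside the smaller allocation.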