Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bugfix: passthrough: refect CFileHandle struct #106

Merged
merged 1 commit into from
Feb 24, 2023
Merged

bugfix: passthrough: refect CFileHandle struct #106

merged 1 commit into from
Feb 24, 2023

Conversation

xuejun-xj
Copy link
Contributor

@xuejun-xj xuejun-xj commented Feb 23, 2023
edited
Loading

Previously, CFileHandle uses a *mut libc::c_char to transfer data between user space and kernel space. The system call "name_to_handle_at" will return the data with "copy_to_user". This may cause a bug because the memory layout of CFileHandle fields may be noncontinuous with the dynamically-sized array's. Therefore, the "copy_to_user" may destroy the stack. This is reproduced on aarch64 only when using "opt-level=3" to compile.

This commit refectors the CFileHandle struct with FarmStruct trait to ensure the memory layout to be continuous. The trait enables struct to own a dynamically-sized array at the end of the struct like zero-array in C language. We refector the related implementation so that "copy_to_user" won't write outside the CFileHandle and destroy the user stack.

Besides, add some units and fix clippy warnings.

wllenyj
wllenyj reviewed Feb 23, 2023
View reviewed changes
src/passthrough/file_handle.rs Outdated
#[repr(C)]
pub struct MockCFileHandle {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mock feels like testing code.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, @wllenyj! I have renamed it as CFileHandleInner.

src/passthrough/file_handle.rs Outdated
// File identifier (sized by caller) [out]
f_handle: *mut libc::c_char,
f_handle: Vec<u8>,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
f_handle: Vec<u8>,
type CFileHandle = FamStructWrapper<CFileHandleInner>;
pub struct CFileHandlerInner {
handle_bytes: u32,
handle_type: i32,
f_handle: __IncompleteArrayField<libc::c_char>
}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, @wllenyj! As CFileHandle needs to implement some traits, like Ord, PartialOrd, I use a CFileHandleWrapper instead, which is used as a memory of CFileHandle struct.

@xuejun-xj xuejun-xj changed the title bugfix: passthrough: Add MockCFileHandleWrapper bugfix: passthrough: refect CFileHandle struct Feb 23, 2023
liubogithub
liubogithub reviewed Feb 23, 2023
View reviewed changes
Copy link
Contributor

@liubogithub liubogithub left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me.

@xuejun-xj xuejun-xj mentioned this pull request Feb 24, 2023
Merged
@xuejun-xj xuejun-xj force-pushed the xuejun/fix branch 2 times, most recently from dc1a676 to 852192c Compare February 24, 2023 05:23
@xuejun-xj
bugfix: passthrough: refect CFileHandle struct
7fa4f72 
Previously, CFileHandle uses a *mut libc::c_char to transfer data
between user space and kernel space. The system call "name_to_handle_at"
will return the data with "copy_to_user". This may cause a bug because
the memory layout of CFileHandle fields may be noncontinuous with the
dynamically-sized array's. Therefore, the "copy_to_user" may destroy the
stack. This is reproduced on aarch64 only when using "opt-level=3" to
compile.

This commit refectors the CFileHandle struct with FarmStruct trait to
ensure the memory layout to be continuous. The trait enables struct to
own a dynamically-sized array at the end of the struct like zero-array
in C language. We refector the related implementation so that
"copy_to_user" won't write outside the CFileHandle and destroy the user
stack.

Besides, add some units and fix clippy warnings.

Signed-off-by: xuejun-xj <[email protected]>
@jiangliu jiangliu merged commit 2f2b242 into cloud-hypervisor:master Feb 24, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wllenyj wllenyj wllenyj left review comments

@liubogithub liubogithub liubogithub left review comments

@jiangliu jiangliu jiangliu approved these changes

@bergwolf bergwolf Awaiting requested review from bergwolf bergwolf is a code owner

@imeoer imeoer Awaiting requested review from imeoer imeoer is a code owner

@eryugey eryugey Awaiting requested review from eryugey eryugey is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@xuejun-xj @liubogithub @jiangliu @wllenyj