Use u32 to describe vsock related buffer sizes #4637
|
@@ -108,23 +108,25 @@ | |||||
pub fn read_exact_volatile_at( | ||||||
&self, | ||||||
mut buf: &mut [u8], | ||||||
offset: usize, | ||||||
offset: u32, | ||||||
) -> Result<(), VolatileMemoryError> { | ||||||
if offset < self.len() as usize { | ||||||
let expected = buf.len(); | ||||||
if offset < self.len() { | ||||||
let expected = u32::try_from(buf.len()).unwrap(); | ||||||
let bytes_read = self.read_volatile_at(&mut buf, offset, expected)?; | ||||||
|
||||||
if bytes_read != expected { | ||||||
return Err(VolatileMemoryError::PartialBuffer { | ||||||
expected, | ||||||
completed: bytes_read, | ||||||
expected: expected as usize, | ||||||
completed: bytes_read as usize, | ||||||
Comment on lines
+119
to
+120
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Let's use There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. and everywhere else in this commit. We should always be able to use |
||||||
}); | ||||||
} | ||||||
|
||||||
Ok(()) | ||||||
} else { | ||||||
// If `offset` is past size, there's nothing to read. | ||||||
Err(VolatileMemoryError::OutOfBounds { addr: offset }) | ||||||
Err(VolatileMemoryError::OutOfBounds { | ||||||
addr: offset as usize, | ||||||
}) | ||||||
} | ||||||
} | ||||||
|
||||||
|
@@ -134,29 +136,30 @@ | |||||
pub fn read_volatile_at<W: WriteVolatile>( | ||||||
&self, | ||||||
dst: &mut W, | ||||||
mut offset: usize, | ||||||
mut len: usize, | ||||||
) -> Result<usize, VolatileMemoryError> { | ||||||
mut offset: u32, | ||||||
mut len: u32, | ||||||
) -> Result<u32, VolatileMemoryError> { | ||||||
let mut total_bytes_read = 0; | ||||||
|
||||||
for iov in &self.vecs { | ||||||
if len == 0 { | ||||||
break; | ||||||
} | ||||||
|
||||||
if offset >= iov.iov_len { | ||||||
offset -= iov.iov_len; | ||||||
let iov_len = u32::try_from(iov.iov_len).unwrap(); | ||||||
if offset >= iov_len { | ||||||
offset -= iov_len; | ||||||
Comment on lines
+149
to
+151
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Mh, I think here its better to have a There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I agree, however, let's do
|
||||||
continue; | ||||||
} | ||||||
|
||||||
let mut slice = | ||||||
// SAFETY: the constructor IoVecBufferMut::from_descriptor_chain ensures that | ||||||
// all iovecs contained point towards valid ranges of guest memory | ||||||
unsafe { VolatileSlice::new(iov.iov_base.cast(), iov.iov_len).offset(offset)? }; | ||||||
unsafe { VolatileSlice::new(iov.iov_base.cast(), iov.iov_len).offset(offset as usize)? }; | ||||||
offset = 0; | ||||||
|
||||||
if slice.len() > len { | ||||||
slice = slice.subslice(0, len)?; | ||||||
if u32::try_from(slice.len()).unwrap() > len { | ||||||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Suggested change
Or also just a There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. again agree. |
||||||
slice = slice.subslice(0, len as usize)?; | ||||||
} | ||||||
|
||||||
let bytes_read = loop { | ||||||
|
@@ -166,13 +169,13 @@ | |||||
{ | ||||||
continue | ||||||
} | ||||||
Ok(bytes_read) => break bytes_read, | ||||||
Ok(bytes_read) => break u32::try_from(bytes_read).unwrap(), | ||||||
Err(volatile_memory_error) => return Err(volatile_memory_error), | ||||||
} | ||||||
}; | ||||||
total_bytes_read += bytes_read; | ||||||
|
||||||
if bytes_read < slice.len() { | ||||||
if slice.len() > bytes_read as usize { | ||||||
break; | ||||||
} | ||||||
len -= bytes_read; | ||||||
|
@@ -248,23 +251,25 @@ | |||||
pub fn write_all_volatile_at( | ||||||
&mut self, | ||||||
mut buf: &[u8], | ||||||
offset: usize, | ||||||
offset: u32, | ||||||
) -> Result<(), VolatileMemoryError> { | ||||||
if offset < self.len() as usize { | ||||||
let expected = buf.len(); | ||||||
if offset < self.len() { | ||||||
let expected = u32::try_from(buf.len()).unwrap(); | ||||||
see above |
||||||
let bytes_written = self.write_volatile_at(&mut buf, offset, expected)?; | ||||||
|
||||||
if bytes_written != expected { | ||||||
return Err(VolatileMemoryError::PartialBuffer { | ||||||
expected, | ||||||
completed: bytes_written, | ||||||
expected: expected as usize, | ||||||
completed: bytes_written as usize, | ||||||
}); | ||||||
} | ||||||
|
||||||
Ok(()) | ||||||
} else { | ||||||
// We cannot write past the end of the `IoVecBufferMut`. | ||||||
Err(VolatileMemoryError::OutOfBounds { addr: offset }) | ||||||
Err(VolatileMemoryError::OutOfBounds { | ||||||
addr: offset as usize, | ||||||
}) | ||||||
} | ||||||
} | ||||||
|
||||||
|
@@ -274,29 +279,30 @@ | |||||
pub fn write_volatile_at<W: ReadVolatile>( | ||||||
&mut self, | ||||||
src: &mut W, | ||||||
mut offset: usize, | ||||||
mut len: usize, | ||||||
) -> Result<usize, VolatileMemoryError> { | ||||||
mut offset: u32, | ||||||
mut len: u32, | ||||||
) -> Result<u32, VolatileMemoryError> { | ||||||
let mut total_bytes_read = 0; | ||||||
|
||||||
for iov in &self.vecs { | ||||||
if len == 0 { | ||||||
break; | ||||||
} | ||||||
|
||||||
if offset >= iov.iov_len { | ||||||
offset -= iov.iov_len; | ||||||
let iov_len = u32::try_from(iov.iov_len).unwrap(); | ||||||
see above |
||||||
if offset >= iov_len { | ||||||
offset -= iov_len; | ||||||
continue; | ||||||
} | ||||||
|
||||||
let mut slice = | ||||||
// SAFETY: the constructor IoVecBufferMut::from_descriptor_chain ensures that | ||||||
// all iovecs contained point towards valid ranges of guest memory | ||||||
unsafe { VolatileSlice::new(iov.iov_base.cast(), iov.iov_len).offset(offset)? }; | ||||||
unsafe { VolatileSlice::new(iov.iov_base.cast(), iov.iov_len).offset(offset as usize)? }; | ||||||
offset = 0; | ||||||
|
||||||
if slice.len() > len { | ||||||
slice = slice.subslice(0, len)?; | ||||||
if u32::try_from(slice.len()).unwrap() > len { | ||||||
see above |
||||||
slice = slice.subslice(0, len as usize)?; | ||||||
} | ||||||
|
||||||
let bytes_read = loop { | ||||||
|
@@ -306,13 +312,13 @@ | |||||
{ | ||||||
continue | ||||||
} | ||||||
Ok(bytes_read) => break bytes_read, | ||||||
Ok(bytes_read) => break u32::try_from(bytes_read).unwrap(), | ||||||
Err(volatile_memory_error) => return Err(volatile_memory_error), | ||||||
} | ||||||
}; | ||||||
total_bytes_read += bytes_read; | ||||||
|
||||||
if bytes_read < slice.len() { | ||||||
if slice.len() > bytes_read as usize { | ||||||
break; | ||||||
} | ||||||
len -= bytes_read; | ||||||
|
@@ -587,7 +593,9 @@ | |||||
// 5 bytes at offset 252 (only 4 bytes left). | ||||||
test_vec4[60..64].copy_from_slice(&buf[0..4]); | ||||||
assert_eq!( | ||||||
iovec.write_volatile_at(&mut &*buf, 252, buf.len()).unwrap(), | ||||||
iovec | ||||||
.write_volatile_at(&mut &*buf, 252, buf.len().try_into().unwrap()) | ||||||
.unwrap(), | ||||||
4 | ||||||
); | ||||||
vq.dtable[0].check_data(&test_vec1); | ||||||
|
@@ -731,11 +739,13 @@ | |||||
assert_eq!( | ||||||
iov.read_volatile_at( | ||||||
&mut KaniBuffer(&mut buf), | ||||||
offset as usize, | ||||||
GUEST_MEMORY_SIZE | ||||||
offset, | ||||||
GUEST_MEMORY_SIZE.try_into().unwrap() | ||||||
) | ||||||
.unwrap(), | ||||||
buf.len().min(iov.len().saturating_sub(offset) as usize) | ||||||
u32::try_from(buf.len()) | ||||||
.unwrap() | ||||||
.min(iov.len().saturating_sub(offset)) | ||||||
); | ||||||
} | ||||||
|
||||||
|
@@ -761,11 +771,13 @@ | |||||
iov_mut | ||||||
.write_volatile_at( | ||||||
&mut KaniBuffer(&mut buf), | ||||||
offset as usize, | ||||||
GUEST_MEMORY_SIZE | ||||||
offset, | ||||||
GUEST_MEMORY_SIZE.try_into().unwrap() | ||||||
) | ||||||
.unwrap(), | ||||||
buf.len().min(iov_mut.len().saturating_sub(offset) as usize) | ||||||
u32::try_from(buf.len()) | ||||||
.unwrap() | ||||||
.min(iov_mut.len().saturating_sub(offset)) | ||||||
); | ||||||
} | ||||||
} |
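Review bot: The two `Ok(bytes_read) => break u32::try_from(bytes_read).unwrap(),` arms in `read_volatile_at` and `write_volatile_at` depend on an invariant that is not written down. `slice` has already been cut to at most `len` bytes, so a well-behaved `WriteVolatile`/`ReadVolatile` implementation cannot report a count above `u32::MAX`. This path works on iovecs built from a guest descriptor chain, so anyone auditing panic paths will read a bare `unwrap()` as a possible abort of the VMM process. I would state the bound at both sites, e.g. `// bytes_read <= slice.len() <= len, so it always fits in u32`, or use `.expect("bytes_read is bounded by len: u32")`. The call that produces `bytes_read` sits between the hunks and is not visible here, so the bound on its return value is assumed rather than checked.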
Here, we can translate the error from `try_from` into some `VolatileMemoryError` to indicate that it's impossible to read more than u32::MAX bytes from a descriptor chain.