[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [PATCH] More IOCTL parameter checks

  • To: "paul@xxxxxxx" <paul@xxxxxxx>, "win-pv-devel@xxxxxxxxxxxxxxxxxxxx" <win-pv-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Owen Smith <owen.smith@xxxxxxxxxx>
  • Date: Thu, 28 Apr 2022 12:10:46 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pqn6OkpSGwJQo6WtWdKWmM4++l1FB7WXyGSC2TgdKw8=; b=RxdcRx8GCLu8gcEoz4iZXaVQkudsNeI5aFRR8pVJzZdKnpobxbcBt+ptJSKAVDagM1s7ofhflSTgqA2/S1AlkitVljLBQMr9A9xv0oUJprDEcT/D1dsNyuYZgKlkq5y2NjEa893KO2clXN9KwqKr6CK4w+HSfFQBbU74v6fKXenrCxIVAfmJIl1hMKoPYdx1ewvdVXyDaJS9fsUVhFOYGW1vVYOT+3Pxhh6gRalJzutWlHauUpDlpUdV7Xz0kAOoWJwv8xX/0Nn0BW0LihItvQaEuC4ZwPb6fXjSCntVDOcl5qq0s5dnuyuzzRvqk6FDkc2DwLUbB5vjFALPNDlKtg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nZ0AWmlcHpfV2T1278gVetzE5yxjyq1G5WMbYObg7KRpA5X6wy6rOyaFRZkLfvD4bX7fv4CvP/AjErX77d31IiIKpSPrYHCRqa0BK7L7AZyQf64sH/CSciRf2F381ef2W2oHDQjaAwZ6FeEEflF9q6Aw7uA4Wr/VFjp05+VgI5Y0sA1gKhOAwEEdESrIzlmgsWUhacSoz9gAZN9TgZVPP7osbWEELgiU8x/doYXwsL53K56yFU5GuwlblviRztj1NnNc723MwESouImCq6eMr0jh/oR5W4anh4+93ISeIiKzsB3hYgKPHYqfTU0pNzzW1wzs8DislHBLHjMrqCIrIg==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Delivery-date: Thu, 28 Apr 2022 12:11:17 +0000
  • Ironport-data: A9a23:G27/+q6NhiX9WGGSUHs7cAxRtFjGchMFZxGqfqrLsTDasY5as4F+v mMZUGmOM63fMGH8e9AlPNvl/R4B75fSm9E3S1doqn9mHi5G8cbLO4+Ufxz6V8+wwmwvb67FA +E2MISowBUcFyeEzvuVGuG96yE6j8lkf5KkYAL+EnkZqTRMFWFw0XqPp8Zj2tQy2YTjU1vU0 T/Pi5a31GGNimYc3l08s8pvmDs31BglkGpF1rCWTakjUG72zxH5PrpGTU2CByKQrr1vNvy7X 47+IISRpQs1yfuP5uSNyd4XemVSKlLb0JPnZnB+A8BOiTAazsA+PzpS2FPxpi67hh3Q9+2dx umhurTva1YZY6bXw9gXdD9mDih7IZIc+LvYdC3XXcy7lyUqclPK6tA3VQQdGtRd/ex6R2ZT6 fYfNTYBKAiZgP67y666Te8qgdk/KM7sP8UUvXQIITPxVK56B8ycBfiUo4YGjV/chegXdRraT 80GZDwpdxHBfx1nMVYLEpMu2uyvgxETdhUH8AvO/fZmuQA/yiRXyJu2OvvuKuCYWPRJwWiFg l+X0UnAV0Ry2Nu3jGDtHmiXrvfGgCfTSI8UUrqi+ZZCn1yVg3QNTREbS1a/if24kVKlHcJSL VQO/SgjprR081akJuQRRDW9qX+A+xUbAtxZFrRj7BnXk/SFpQGEGmIDUzhNLsQ8s9M7TiAr0 VnPmM71ATtos/ueTnf1GqqokA5e8BM9dQcqDRLohyNfu7EPfKlbYsrzc+te
  • Ironport-hdrordr: A9a23:CwfFBaMpAp6p/cBcT3X155DYdb4zR+YMi2TDiHoddfUFSKalfp 6V98jzjSWE8Ar5K0tQ4uxoX5PwC080lKQFqrX5WI3PYOCIghrNEGgP1+rfKnjbalTDH41mpO pdmspFebrN5DFB5K6UjjVQUexQpuVvm5rY5ts2uk0dKD2CHJsQjTuRZDz6LmRGAC19QbYpHp uV4cRK4xC6f24MU8i9Dn4ZG8DeutzijvvdEFE7Li9izDPLoSKj6bb8HRTd9AwZSSlzzbAr9n WAuxDl55+kr+qwxnbnpiHuBtVt6ZrcI+l4dY+xY/suW3fRY8GTFcFcsoi5zXAISSeUmRIXeZ f30lAd1o9ImgnslymO0GbQMk/boXoTAjbZuCOlqGqmrsrjSD0gDc1dwYpfbxvC8kIl+Mpxya RRwguixuxq5D777VDADuLzJmZXf4uP0AofuP9Wi2YaXZoVabdXo4Ba9ERJEI0YFCa/7Iw8Cu FhAMzV+f4TKDqhHjjkl3gqxMbpUmU4Hx+ATERHssuJ0yJOlHQ8y0cD3sQQknoJ6Zp4QZhZ4O bPNLhuidh1P4YrRLM4AP1ETdq8C2TLTx6JOGWOIU7/HKVCIH7Jo46f2sRB2AhrQu178HIfou W+bLoDjx9MR6vHM7z+4LRbthbQXW66QTPhjslD+pkRgMyOeIbW
  • List-id: Developer list for the Windows PV Drivers subproject <win-pv-devel.lists.xenproject.org>
  • Thread-index: AQHYWJ3764WTrsCpXUWjeMiMz++ClK0FKJqAgAATr+A=
  • Thread-topic: [PATCH] More IOCTL parameter checks
-----Original Message-----
From: win-pv-devel <win-pv-devel-bounces@xxxxxxxxxxxxxxxxxxxx> On Behalf Of 
Durrant, Paul
Sent: 28 April 2022 11:44
To: win-pv-devel@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [PATCH] More IOCTL parameter checks
> @@ -618,10 +621,12 @@ fail10:
>   
>   fail9:
>       Error("Fail9\n");
> -    ASSERT(NT_SUCCESS(XENBUS_GNTTAB(UnmapForeignPages,
> -                                    &Fdo->GnttabInterface,
> -                                    Context->Address
> -                                    )));
> +    {
> +        NTSTATUS status2 = XENBUS_GNTTAB(UnmapForeignPages,
> +                                         &Fdo->GnttabInterface,
> +                                         Context->Address);
> +        ASSERT(NT_SUCCESS(status2));

Why?


If the definition of ASSERT is changed, its possible that pages would not get 
unmapped in this failure case.
It feels cleaner to me to separate the cleanup operation and the ASSERTion the 
cleanup succeeded.

> +    }
>   
>   fail8:
>       Error("Fail8\n");
<snip>
 
> diff --git a/src/xeniface/ioctls.c b/src/xeniface/ioctls.c index 
> a624bd1..20a7669 100644
> --- a/src/xeniface/ioctls.c
> +++ b/src/xeniface/ioctls.c
> @@ -48,9 +48,9 @@ __CaptureUserBuffer(
>       NTSTATUS Status;
>       PVOID TempBuffer = NULL;
>   
> -    if (Length == 0) {
> +    if (Length == 0 || Buffer == NULL) {
>           *CapturedBuffer = NULL;
> -        return STATUS_SUCCESS;
> +        return STATUS_INVALID_PARAMETER;

That's a semantic change. Do we want that?

   Paul

Currently, passing Length=0 will result in a success and CapturedBuffer=NULL. 
The next operations after all calls to __CaptureUserBuffer is dereferencing 
CapturedBuffer.

Currently, passing Length!=0 and Buffer=NULL should cause ProbeForRead to throw 
an exception, which results in CapturedBuffer=NULL, but __CaptureUserBuffer 
returning a fail code.

This change will ensure that Length=0 or Buffer=NULL will both fail, and avoid 
any potential for dereferencing a NULL pointer in the operations after all 
calls to __CaptureUserBuffer


Owen

>       }
>   
>       Status = STATUS_NO_MEMORY;

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.