Missing length validation of virtiofs tag causes panic

[leahneukirchen]

Describe the bug
The tag= parameter of --fs is not checked for length, a too long tag causes a panic.

To Reproduce
Steps to reproduce the behaviour:

% cloud-hypervisor \
    --cpus boot=1 \
    --memory size=1G,shared=on \
    --kernel vmlinux \
    --cmdline "console=hvc0 root=/dev/vda1 rw" \
    --fs tag=thistagisalotmuchlongerthan32characters,socket=/tmp/virtiofs,num_queues=1,queue_size=512

thread 'vmm' panicked at virtio-devices/src/vhost_user/fs.rs:401:23:
range end index 39 out of range for slice of length 36

Version

Output of cloud-hypervisor --version:

cloud-hypervisor v38.0.0

Did you build from source, if so build command line (e.g. features): distribution package of Void Linux.

[liuw]

Do you happen to know how CH is built in Void Linux? I tried both debug and release builds locally, CH does not crash.

The tag field has a size of 36, so there is obviously a bug in the code.

[leahneukirchen]

Regular cargo build --release build, it also happens on NixOS.

(The virtiofs needs to connect to trigger the path.)

[liuw]

Regular cargo build --release build, it also happens on NixOS.

(The virtiofs needs to connect to trigger the path.)

I see. This makes sense. Thanks!

I've submitted a PR to address this issue.