Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

writer: check conversions from usize to u32 #10

Merged
merged 1 commit into from
Jun 3, 2021
Merged

writer: check conversions from usize to u32 #10

merged 1 commit into from
Jun 3, 2021

Conversation

danielverkamp
Copy link
Collaborator

These conversions were previously unchecked casts, which would
potentially truncate large values. In particular, large reservemap
arrays would cause overflows when calculating the size of the DT struct
in the finish function.

Fixes #6.

Signed-off-by: Daniel Verkamp dverkamp@chromium.org

lauralt
lauralt reviewed May 28, 2021
View reviewed changes
Copy link
Contributor

@lauralt lauralt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you update the commit message to Fixes #7 instead of #6?

src/writer.rs Show resolved Hide resolved
andreeaflorescu
andreeaflorescu reviewed May 28, 2021
View reviewed changes
src/writer.rs
@@ -107,7 +107,7 @@ impl FdtWriter {
/// # Arguments
///
/// `mem_reservations` - reserved physical memory regions to list in the FDT header.
pub fn new(mem_reservations: &[FdtReserveEntry]) -> Self {
pub fn new(mem_reservations: &[FdtReserveEntry]) -> Result<Self> {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we add a regression test for this? It is taking some time to initialize a large array, but if that's a problem we can have it as #[ignore] and only run it in the CI (we would need to update the Buildkite pipeline for that in rust-vmm-ci if we go down that path).

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added a test based on the one in #6 and it seems to work (albeit very slowly). My main concern was that it will allocate 8 GiB of RAM at least (the original 4G array of FdtReserveEntry structures and a copy in the FdtWriter data), which could be a problem for smaller machines or tests running in a restricted envinronment; I guess we will see if this works on the CI system.

src/writer.rs Show resolved Hide resolved
@danielverkamp
writer: check conversions from usize to u32
fd09484 
These conversions were previously unchecked casts, which would
potentially truncate large values.  In particular, large reservemap
arrays would cause overflows when calculating the size of the DT struct
in the finish function.

Fixes #7.

Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
andreeaflorescu
andreeaflorescu approved these changes Jun 3, 2021
View reviewed changes
src/writer.rs

#[test]
fn test_overflow_subtract() {
let overflow_size = std::u32::MAX / size_of::<FdtReserveEntry>() as u32 - 3;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: std::u32::MAX will be deprecated. We can use u32::MAX instead.

@lauralt lauralt merged commit 2e4ebde into rust-vmm:master Jun 3, 2021
@andreeaflorescu andreeaflorescu mentioned this pull request Jun 3, 2021
Closed
@danielverkamp danielverkamp deleted the unchecked-conversions branch June 4, 2021 18:42
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andreeaflorescu andreeaflorescu andreeaflorescu approved these changes

@lauralt lauralt lauralt approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Unchecked arithmetic operations in finish
3 participants
@danielverkamp @andreeaflorescu @lauralt