This patch series addresses missing input validation that I came across when reviewing vhost_user.c.
The first patch explains the security model and the rest fixes places with missing checks. Now is a good time to discuss the security model if anyone disagrees or has questions about what Patch 1 says. Stefan Hajnoczi (8): vhost: add security model documentation to vhost_user.c vhost: avoid enum fields in VhostUserMsg vhost: validate untrusted memory.nregions field vhost: clear out unused SCM_RIGHTS file descriptors vhost: reject invalid log base mmap_offset values vhost: fix msg->payload union typo in vhost_user_set_vring_addr() vhost: validate virtqueue size vhost: check for memory_size + mmap_offset overflow lib/librte_vhost/vhost_user.h | 4 +-- lib/librte_vhost/socket.c | 8 +++++- lib/librte_vhost/vhost_user.c | 57 +++++++++++++++++++++++++++++++++++++++++-- 3 files changed, 64 insertions(+), 5 deletions(-) -- 2.14.3
