Re: [Qemu-devel] [PATCH v4 0/3] restrict bridge interface name to IFNAMSIZ
On 2019/7/23 下午6:47, P J P wrote:
From: Prasad J Pandit
Hello,
Linux net_deivce defines network interface name to be of IFNAMSIZE(=16)
bytes, including the terminating null('\0') byte.
Qemu tap deivce, while invoking 'qemu-bridge-helper' tool to set up the
network bridge interface, supplies bridge name of 16 characters, thus
allowing to create an ACL bypass scenario.
This patch series attempts to fix it. It also updates bridge helper
invocation routine 'net_bridge_run_helper' to avoid snprintf() calls.
Thank you.
--
Prasad J Pandit (3):
qemu-bridge-helper: restrict interface name to IFNAMSIZ
qemu-bridge-helper: move repeating code in parse_acl_file
net: tap: replace snprintf with g_strdup_printf calls
net/tap.c| 19 +++
qemu-bridge-helper.c | 24 +---
2 files changed, 28 insertions(+), 15 deletions(-)
Applied.
Thanks
Re: [Qemu-devel] [PATCH v4 0/3] restrict bridge interface name to IFNAMSIZ
Hello Jason, +-- On Thu, 25 Jul 2019, Jason Wang wrote --+ | > URL:https://patchew.org/QEMU/20190723104754.29324-1-ppan...@redhat.com/ | | Prasad, this looks unrelated to the series? Please double check. Yes, it is unrelated. Not sure how it gets triggered. Thank you. -- Prasad J Pandit / Red Hat Product Security Team 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
Re: [Qemu-devel] [PATCH v4 0/3] restrict bridge interface name to IFNAMSIZ
On 2019/7/24 上午1:44, no-re...@patchew.org wrote: Patchew URL:https://patchew.org/QEMU/20190723104754.29324-1-ppan...@redhat.com/ Hi, This series failed the asan build test. Please find the testing commands and their output below. If you have Docker installed, you can probably reproduce it locally. Prasad, this looks unrelated to the series? Please double check. Thanks
Re: [Qemu-devel] [PATCH v4 0/3] restrict bridge interface name to IFNAMSIZ
Patchew URL: https://patchew.org/QEMU/20190723104754.29324-1-ppan...@redhat.com/
Hi,
This series failed the asan build test. Please find the testing commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.
=== TEST SCRIPT BEGIN ===
#!/bin/bash
make docker-image-fedora V=1 NETWORK=1
time make docker-test-debug@fedora TARGET_LIST=x86_64-softmmu J=14 NETWORK=1
=== TEST SCRIPT END ===
PASS 32 test-opts-visitor /visitor/opts/range/beyond
PASS 33 test-opts-visitor /visitor/opts/dict/unvisited
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}
tests/test-coroutine -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl
--test-name="test-coroutine"
==7880==WARNING: ASan doesn't fully support makecontext/swapcontext functions
and may produce false positives in some cases!
==7880==WARNING: ASan is ignoring requested __asan_handle_no_return: stack top:
0x7fffae69e000; bottom 0x7fd8498f8000; size: 0x002764da6000 (169195757568)
False positive error reports may follow
For details see https://github.com/google/sanitizers/issues/189
PASS 1 test-coroutine /basic/no-dangling-access
---
PASS 1 fdc-test /x86_64/fdc/cmos
PASS 2 fdc-test /x86_64/fdc/no_media_on_start
PASS 3 fdc-test /x86_64/fdc/read_without_media
==7900==WARNING: ASan doesn't fully support makecontext/swapcontext functions
and may produce false positives in some cases!
PASS 4 fdc-test /x86_64/fdc/media_change
PASS 5 fdc-test /x86_64/fdc/sense_interrupt
PASS 6 fdc-test /x86_64/fdc/relative_seek
---
PASS 12 test-aio /aio/event/flush
PASS 13 test-aio /aio/event/wait/no-flush-cb
PASS 10 fdc-test /x86_64/fdc/read_no_dma_1
==7912==WARNING: ASan doesn't fully support makecontext/swapcontext functions
and may produce false positives in some cases!
PASS 14 test-aio /aio/timer/schedule
PASS 15 test-aio /aio/coroutine/queue-chaining
PASS 16 test-aio /aio-gsource/flush
---
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}
tests/test-aio-multithread -m=quick -k --tap < /dev/null |
./scripts/tap-driver.pl --test-name="test-aio-multithread"
PASS 11 fdc-test /x86_64/fdc/read_no_dma_18
PASS 1 test-aio-multithread /aio/multi/lifecycle
==7918==WARNING: ASan doesn't fully support makecontext/swapcontext functions
and may produce false positives in some cases!
PASS 2 test-aio-multithread /aio/multi/schedule
PASS 3 test-aio-multithread /aio/multi/mutex/contended
PASS 12 fdc-test /x86_64/fdc/read_no_dma_19
PASS 13 fdc-test /x86_64/fdc/fuzz-registers
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}
QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 QTEST_QEMU_IMG=qemu-img
tests/ide-test -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl
--test-name="ide-test"
PASS 4 test-aio-multithread /aio/multi/mutex/handoff
==7946==WARNING: ASan doesn't fully support makecontext/swapcontext functions
and may produce false positives in some cases!
PASS 5 test-aio-multithread /aio/multi/mutex/mcs
PASS 1 ide-test /x86_64/ide/identify
==7963==WARNING: ASan doesn't fully support makecontext/swapcontext functions
and may produce false positives in some cases!
PASS 6 test-aio-multithread /aio/multi/mutex/pthread
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}
tests/test-throttle -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl
--test-name="test-throttle"
PASS 2 ide-test /x86_64/ide/flush
---
PASS 6 test-throttle /throttle/detach_attach
PASS 7 test-throttle /throttle/config_functions
PASS 8 test-throttle /throttle/accounting
==7971==WARNING: ASan doesn't fully support makecontext/swapcontext functions
and may produce false positives in some cases!
PASS 9 test-throttle /throttle/groups
PASS 10 test-throttle /throttle/config/enabled
PASS 11 test-throttle /throttle/config/conflicting
---
PASS 13 test-throttle /throttle/config/ranges
PASS 14 test-throttle /throttle/config/max
PASS 15 test-throttle /throttle/config/iops_size
==7973==WARNING: ASan doesn't fully support makecontext/swapcontext functions
and may produce false positives in some cases!
MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}
tests/test-thread-pool -m=quick -k --tap < /dev/null | ./scripts/tap-driver.pl
--test-name="test-thread-pool"
PASS 3 ide-test /x86_64/ide/bmdma/simple_rw
==7984==WARNING: ASan doesn't fully support makecontext/swapcontext functions
and may produce false positives in some cases!
PASS 1 test-thread-pool /thread-pool/submit
PASS 2 test-thread-pool /thread-pool/submit-aio
==7981==WARNING: ASan doesn't fully support makecontext/swapcontext functions
and may produce false positives in some cases!
PASS 3 test-thread-pool /thread-pool/submit-co
PASS 4 test-thread-pool /thread-pool/submit-many
PASS 4 ide-test /x86_64/ide/bmdma/trim
==8055==WARNING: ASan doesn't fully support makecontext/swapcontext functions
and may produce false positives in some cases!
PASS 5 test-thread-pool /thread-pool/cancel
PASS 5 ide-test /x86_64/ide/bmdma/short_prdt
[Qemu-devel] [PATCH v4 0/3] restrict bridge interface name to IFNAMSIZ
From: Prasad J Pandit
Hello,
Linux net_deivce defines network interface name to be of IFNAMSIZE(=16)
bytes, including the terminating null('\0') byte.
Qemu tap deivce, while invoking 'qemu-bridge-helper' tool to set up the
network bridge interface, supplies bridge name of 16 characters, thus
allowing to create an ACL bypass scenario.
This patch series attempts to fix it. It also updates bridge helper
invocation routine 'net_bridge_run_helper' to avoid snprintf() calls.
Thank you.
--
Prasad J Pandit (3):
qemu-bridge-helper: restrict interface name to IFNAMSIZ
qemu-bridge-helper: move repeating code in parse_acl_file
net: tap: replace snprintf with g_strdup_printf calls
net/tap.c| 19 +++
qemu-bridge-helper.c | 24 +---
2 files changed, 28 insertions(+), 15 deletions(-)
--
2.21.0
