Re: [Qemu-devel] [PATCH v4 0/3] restrict bridge interface name to IFNAMSIZ
On 2019/7/23 6:47 PM, P J P wrote:
> From: Prasad J Pandit
>
> Hello,
>
> Linux net_device defines network interface name to be of IFNAMSIZ(=16) bytes,
> including the terminating null('\0') byte. Qemu tap device, while invoking
> 'qemu-bridge-helper' tool to set up the network bridge interface, supplies bridge
> name of 16 characters, thus allowing to create an ACL bypass scenario.
>
> This patch series attempts to fix it. It also updates bridge helper invocation
> routine 'net_bridge_run_helper' to avoid snprintf() calls.
>
> Thank you.
> --
> Prasad J Pandit (3):
>   qemu-bridge-helper: restrict interface name to IFNAMSIZ
>   qemu-bridge-helper: move repeating code in parse_acl_file
>   net: tap: replace snprintf with g_strdup_printf calls
>
>  net/tap.c            | 19 +++
>  qemu-bridge-helper.c | 24 +---
>  2 files changed, 28 insertions(+), 15 deletions(-)

Applied.

Thanks
Re: [Qemu-devel] [PATCH v4 0/3] restrict bridge interface name to IFNAMSIZ
Hello Jason,

+-- On Thu, 25 Jul 2019, Jason Wang wrote --+
| > URL:https://patchew.org/QEMU/20190723104754.29324-1-ppan...@redhat.com/
|
| Prasad, this looks unrelated to the series? Please double check.

Yes, it is unrelated. Not sure how it gets triggered.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
Re: [Qemu-devel] [PATCH v4 0/3] restrict bridge interface name to IFNAMSIZ
On 2019/7/24 1:44 AM, no-re...@patchew.org wrote:
> Patchew URL:https://patchew.org/QEMU/20190723104754.29324-1-ppan...@redhat.com/
>
> Hi,
>
> This series failed the asan build test. Please find the testing commands and
> their output below. If you have Docker installed, you can probably reproduce it
> locally.

Prasad, this looks unrelated to the series? Please double check.

Thanks
Re: [Qemu-devel] [PATCH v4 0/3] restrict bridge interface name to IFNAMSIZ
Patchew URL: https://patchew.org/QEMU/20190723104754.29324-1-ppan...@redhat.com/

Hi,

This series failed the asan build test. Please find the testing commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.

=== TEST SCRIPT BEGIN ===
#!/bin/bash
make docker-image-fedora V=1 NETWORK=1
time make docker-test-debug@fedora TARGET_LIST=x86_64-softmmu J=14 NETWORK=1
=== TEST SCRIPT END ===
[Qemu-devel] [PATCH v4 0/3] restrict bridge interface name to IFNAMSIZ
From: Prasad J Pandit

Hello,

Linux net_device defines network interface name to be of IFNAMSIZ(=16) bytes,
including the terminating null('\0') byte. Qemu tap device, while invoking
'qemu-bridge-helper' tool to set up the network bridge interface, supplies bridge
name of 16 characters, thus allowing to create an ACL bypass scenario.

This patch series attempts to fix it. It also updates bridge helper invocation
routine 'net_bridge_run_helper' to avoid snprintf() calls.

Thank you.
--
Prasad J Pandit (3):
  qemu-bridge-helper: restrict interface name to IFNAMSIZ
  qemu-bridge-helper: move repeating code in parse_acl_file
  net: tap: replace snprintf with g_strdup_printf calls

 net/tap.c            | 19 +++
 qemu-bridge-helper.c | 24 +---
 2 files changed, 28 insertions(+), 15 deletions(-)

--
2.21.0