crosvm

mirror of https://chromium.googlesource.com/crosvm/crosvm synced 2025-02-06 02:25:23 +00:00

History

Zach Reizner cf0d298223 wl: limit vfd recv size to leave room for VFDs The IN_BUFFER_LEN variable limits the amount of data that will be read into a single page sized descriptor. The old value for it left room for the 16 byte header but reserved no space for VFDs. This happens to work fine if the size of the read data and VFDs did not exceed the buffer size, but, in rare circumstance, the maximum amount of data would be read along with a FD getting received, spilling the descriptor and causing it to fail to write to it. The guest driver does not handle this gracefully and usually panics due to corruption. The new value reserves room for the max number of VFDs so that the descriptors will not end up with too much data. BUG=chromium:951576 TEST=while true; do (/opt/google/cros-containers/bin/wayland_demo&); pkill -f /opt/google/cros-containers/lib/ld-linux-x86-64.so.2; done Change-Id: Ic0c1c10f81a91b5e5cd076e3ded8d3cc0564b614 Reviewed-on: https://chromium-review.googlesource.com/1623558 Commit-Ready: Zach Reizner <zachr@chromium.org> Tested-by: Zach Reizner <zachr@chromium.org> Tested-by: kokoro <noreply+kokoro@google.com> Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org> Reviewed-by: Daniel Verkamp <dverkamp@chromium.org> Reviewed-by: Dylan Reid <dgreid@chromium.org>	2019-05-23 02:14:57 -07:00
..
src	wl: limit vfd recv size to leave room for VFDs	2019-05-23 02:14:57 -07:00
Cargo.toml	edition: Update devices crate to 2018 edition	2019-04-15 02:06:04 -07:00

Zach Reizner cf0d298223 wl: limit vfd recv size to leave room for VFDs

The IN_BUFFER_LEN variable limits the amount of data that will be read
into a single page sized descriptor. The old value for it left room for
the 16 byte header but reserved no space for VFDs. This happens to work
fine if the size of the read data and VFDs did not exceed the buffer
size, but, in rare circumstance, the maximum amount of data would be
read along with a FD getting received, spilling the descriptor and
causing it to fail to write to it. The guest driver does not handle this
gracefully and usually panics due to corruption.

The new value reserves room for the max number of VFDs so that the
descriptors will not end up with too much data.

BUG=chromium:951576
TEST=while true; do
         (/opt/google/cros-containers/bin/wayland_demo&);
         pkill -f /opt/google/cros-containers/lib/ld-linux-x86-64.so.2;
     done

Change-Id: Ic0c1c10f81a91b5e5cd076e3ded8d3cc0564b614
Reviewed-on: https://chromium-review.googlesource.com/1623558
Commit-Ready: Zach Reizner <zachr@chromium.org>
Tested-by: Zach Reizner <zachr@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>

2019-05-23 02:14:57 -07:00

src

wl: limit vfd recv size to leave room for VFDs

2019-05-23 02:14:57 -07:00

Cargo.toml

edition: Update devices crate to 2018 edition

2019-04-15 02:06:04 -07:00