author | Markus Armbruster | 2016-03-15 19:34:16 +0100 |
---|---|---|
committer | Markus Armbruster | 2016-03-18 17:34:21 +0100 |
commit | 3be5cc23245637577210e43e68dd3babd01fbb5e (patch) | |
tree | 8db37cea025da470a7ca1a65256de7ba1531b382 | |
parent | Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging (diff) | |
target-ppc: Document TOCTTOU in hugepage support
The code to find the minimum page size is vulnerable to TOCTTOU.
Added in commit 2d103aa "target-ppc: fix hugepage support when using
memory-backend-file" (v2.4.0). Since I can't fix it myself right now,
add a FIXME comment.
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1458066895-20632-2-git-send-email-armbru@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-rw-r--r-- | target-ppc/kvm.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/target-ppc/kvm.c b/target-ppc/kvm.c index 776336b8b4..2fc993143e 100644 --- a/target-ppc/kvm.c +++ b/target-ppc/kvm.c @@ -333,6 +333,12 @@ static long gethugepagesize(const char *mem_path) return fs.f_bsize; } +/* + * FIXME TOCTTOU: this iterates over memory backends' mem-path, which + * may or may not name the same files / on the same filesystem now as + * when we actually open and map them. Iterate over the file + * descriptors instead, and use qemu_fd_getpagesize(). + */ static int find_max_supported_pagesize(Object *obj, void *opaque) { char *mem_path; |
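Review bot: The FIXME added above find_max_supported_pagesize() says "this iterates over memory backends' mem-path", but the function it annotates takes a single `Object *obj`, so the comment does not identify which code performs the iteration or where the later open and map happens. Naming both would make the race window findable for whoever picks this up. gethugepagesize(const char *mem_path), directly above in the same hunk, is path-based as well, so the comment should say whether that helper is covered by the FIXME and is meant to be replaced by qemu_fd_getpagesize(). A short statement of the consequence would also help, namely that the page size derived from the path may not describe the file that is eventually mapped.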