[07/10] uffd: Check for uffd event being PF early

Submitted by Pavel Emelianov on Nov. 12, 2016, 5:25 a.m.

Details

Message ID 5826A7BE.9090706@virtuozzo.com
State Accepted
Series "uffd: A set of improvements over criu/uffd.c"
Commit 8dc19e2707b9da96d88647b405440a082490042d

Commit Message

Pavel Emelianov Nov. 12, 2016, 5:25 a.m.
The event received should be checked to be #PF before
accessing its other arguments.

Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
---
 criu/uffd.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)


diff --git a/criu/uffd.c b/criu/uffd.c
index 43d8e7a..96b5ec0 100644
--- a/criu/uffd.c
+++ b/criu/uffd.c
@@ -668,6 +668,11 @@  static int handle_user_fault(struct lazy_pages_info *lpi, void *dest)
 		return -1;
 	}
 
+	if (msg.event != UFFD_EVENT_PAGEFAULT) {
+		pr_err("unexpected msg event %u\n", msg.event);
+		return -1;
+	}
+
 	/* Align requested address to the next page boundary */
 	address = msg.arg.pagefault.address & ~(page_size() - 1);
 	pr_debug("msg.arg.pagefault.address 0x%llx\n", address);
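Review bot: the comment `/* Align requested address to the next page boundary */` describes the mask the wrong way round: `address = msg.arg.pagefault.address & ~(page_size() - 1);` rounds down to the start of the page that contains the fault, not up to the next boundary, so "Align the faulting address down to its page boundary" would be accurate. The moved check itself is the right fix: `msg.arg.pagefault.address` is now read only after `msg.event == UFFD_EVENT_PAGEFAULT` has been established, so the union payload of some other event is no longer interpreted as a fault address. Note that any other event type remains fatal to the handler (`return -1`) rather than being skipped; if that is intended, a one-line comment saying so would help.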
@@ -681,11 +686,6 @@  static int handle_user_fault(struct lazy_pages_info *lpi, void *dest)
 	flags = msg.arg.pagefault.flags;
 	pr_debug("msg.arg.pagefault.flags 0x%llx\n", flags);
 
-	if (msg.event != UFFD_EVENT_PAGEFAULT) {
-		pr_err("unexpected msg event %u\n", msg.event);
-		return -1;
-	}
-
 	ret = handle_regular_pages(lpi, dest, address);
 	if (ret < 0) {
 		pr_err("Error during regular page copy\n");
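Review bot: `flags` is assigned from `msg.arg.pagefault.flags` and logged with pr_debug, but in the visible lines it is never consulted before `handle_regular_pages(lpi, dest, address)` runs; if read and write faults are deliberately served the same way here, a short comment to that effect would spare the next reader from wondering why the value is computed. The removal itself is the counterpart of the check now placed up front, so the hunk is a pure move with no behaviour change.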

Comments

Mike Rapoport Nov. 12, 2016, 1:57 p.m.
On Sat, Nov 12, 2016 at 08:25:18AM +0300, Pavel Emelyanov wrote:
> The event received should be checked to be #PF before
> accessing its other arguments.

Well, looking forward to seeing the non-cooperative userfaultfd patches in the kernel,
we should have something like

static int handle_uffd_event(struct lazy_pages_info *lpi)
{
	struct uffd_msg msg;

	read(&msg...);

	switch (msg.event) {
	case UFFD_EVENT_PAGEFAULT:
		handle_pagefault(lpi, msg);
		break;
	default:
		return -1;
	}

	return 0;
}

But since this patch is a bugfix anyway:
 
> Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>

Acked-by: Mike Rapoport <rppt@linux.vnet.ibm.com>

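The hazard the patch closes, and the dispatcher shape Mike sketches, as an added example that is not CRIU code and not from either poster. The `struct uffd_msg_local` below is a hand-written mirror of the kernel's `struct uffd_msg` field order (an assumption made so the example compiles without `linux/userfaultfd.h`); the event and flag constants are the kernel's values. The sample messages are constructed inline. It also shows why the old ordering was wrong in practice: on a `UFFD_EVENT_REMAP` message, the bytes that `arg.pagefault.address` aliases are `arg.remap.to`, a perfectly plausible-looking address.

```c
/* Added example, not CRIU code: check the uffd event tag before reading
 * the event-specific union, and show what the unchecked read returns.
 * struct uffd_msg_local mirrors the kernel's struct uffd_msg layout
 * (assumption: same field order as linux/userfaultfd.h). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define UFFD_EVENT_PAGEFAULT 0x12
#define UFFD_EVENT_FORK      0x13
#define UFFD_EVENT_REMAP     0x14
#define UFFD_EVENT_REMOVE    0x15
#define UFFD_EVENT_UNMAP     0x16

#define UFFD_PAGEFAULT_FLAG_WRITE (1ULL << 0)

struct uffd_msg_local {
	uint8_t  event;
	uint8_t  reserved1;
	uint16_t reserved2;
	uint32_t reserved3;
	union {
		struct { uint64_t flags; uint64_t address; union { uint32_t ptid; } feat; } pagefault;
		struct { uint32_t ufd; } fork;
		struct { uint64_t from; uint64_t to; uint64_t len; } remap;
		struct { uint64_t start; uint64_t end; } remove;
		struct { uint64_t reserved1; uint64_t reserved2; uint64_t reserved3; } reserved;
	} arg;
} __attribute__((packed));

struct fault {
	uint64_t page;   /* fault address rounded down to its page boundary */
	int      write;  /* 1 if the fault was a write */
};

/* Dispatch on the tag first. Returns 0 and fills *f for a page fault,
 * 1 for a recognised non-cooperative event that carries no page to serve,
 * -1 for an unknown event. The union is only touched after the check. */
static int dispatch_uffd_msg(const struct uffd_msg_local *msg, uint64_t page_size, struct fault *f)
{
	switch (msg->event) {
	case UFFD_EVENT_PAGEFAULT:
		/* & ~(page_size - 1) rounds DOWN to the containing page */
		f->page  = msg->arg.pagefault.address & ~(page_size - 1);
		f->write = !!(msg->arg.pagefault.flags & UFFD_PAGEFAULT_FLAG_WRITE);
		return 0;
	case UFFD_EVENT_FORK:
	case UFFD_EVENT_REMAP:
	case UFFD_EVENT_REMOVE:
	case UFFD_EVENT_UNMAP:
		return 1;
	default:
		fprintf(stderr, "unexpected msg event %u\n", msg->event);
		return -1;
	}
}

/* The pre-patch ordering: read the pagefault member before checking the tag. */
static uint64_t unchecked_fault_page(const struct uffd_msg_local *msg, uint64_t page_size)
{
	return msg->arg.pagefault.address & ~(page_size - 1);
}

/* Constructed sample messages (not captured from a real uffd). */
static struct uffd_msg_local make_pagefault_msg(uint64_t address, uint64_t flags)
{
	struct uffd_msg_local m;
	memset(&m, 0, sizeof(m));
	m.event = UFFD_EVENT_PAGEFAULT;
	m.arg.pagefault.flags = flags;
	m.arg.pagefault.address = address;
	return m;
}

static struct uffd_msg_local make_remap_msg(uint64_t from, uint64_t to, uint64_t len)
{
	struct uffd_msg_local m;
	memset(&m, 0, sizeof(m));
	m.event = UFFD_EVENT_REMAP;
	m.arg.remap.from = from;
	m.arg.remap.to = to;
	m.arg.remap.len = len;
	return m;
}

/* Returns 0 when the checked path behaves as expected and the unchecked
 * path demonstrably misreads the remap event as a fault at remap.to. */
static int run_demo(void)
{
	struct uffd_msg_local pf = make_pagefault_msg(0x7f12345678ULL, UFFD_PAGEFAULT_FLAG_WRITE);
	struct uffd_msg_local rm = make_remap_msg(0x1000, 0x2000, 0x3000);
	struct fault f;
	int bad = 0;

	if (dispatch_uffd_msg(&pf, 4096, &f) != 0 || f.page != 0x7f12345000ULL || !f.write)
		bad |= 1;
	if (dispatch_uffd_msg(&rm, 4096, &f) != 1)
		bad |= 2;
	/* aliasing: pagefault.address sits where remap.to does */
	if (unchecked_fault_page(&rm, 4096) != 0x2000)
		bad |= 4;
	return bad;
}

int main(void)
{
	printf("demo result: %d (0 means all checks passed)\n", run_demo());
	return 0;
}
```

The unknown-event branch mirrors the patch's `return -1`; a production handler for the non-cooperative events would act on them rather than returning 1.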