devices: virtio: queue: move queue validation to set_ready()

The Queue::validate() function verified that the descriptor, avail, and
used rings fall within valid guest memory regions. However, this check
was skipped when an IOMMU was enabled, so the Queue::peek() function had
to be robust against out-of-bounds memory addresses already.

Move the integer overflow checks of ring guest addresses into the
`Queue::set_ready()` function, which is called when the driver enables
each queue (and must have already configured the queue addresses). This
allows the checks to be performed once at queue enable time instead of
every time `peek()`/`pop()` is called.

The `GuestMemory::address_in_range()` checks are removed. These are not
necessary to ensure correctness, as all read/write accesses in Queue
functions that operate on guest memory already use helper functions that
ensure out-of-bounds memory accesses are rejected (read_obj_from_addr()
and write_obj_at_addr() via the wrapper functions that handle IOMMU).

BUG=None
TEST=Boot x86-64 Linux in crosvm

Change-Id: I51cca6554c4c5f134082e9326bcf59499f201c1c
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4045044
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Keiichi Watanabe <keiichiw@chromium.org>
5 files changed
tree: be633e349e9c35e82757ed2b2d52033502723bbb
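
The split of responsibilities the commit message describes (a one-time integer overflow check on the ring addresses when the queue is enabled, with bounds enforced on every guest-memory access) can be sketched as follows. This is an added example, not crosvm's code: `RingAddrs`, `check_ready`, `ring_lens` and `read_u16` are hypothetical names, a byte slice stands in for guest memory, and the ring lengths assume the virtio split-ring layout including the event-index fields.

```rust
// Added illustration; not crosvm code. All names here are hypothetical.
#[derive(Debug, PartialEq)]
enum QueueError {
    Overflow(&'static str),
}

struct RingAddrs {
    size: u16, // number of queue entries
    desc: u64, // guest address of the descriptor table
    avail: u64, // guest address of the avail ring
    used: u64, // guest address of the used ring
}

/// Byte length of (descriptor table, avail ring, used ring) for `size` entries.
fn ring_lens(size: u16) -> (u64, u64, u64) {
    let n = u64::from(size);
    (16 * n, 6 + 2 * n, 6 + 8 * n)
}

/// One-time check at queue enable: reject any ring whose end address wraps u64.
fn check_ready(q: &RingAddrs) -> Result<(), QueueError> {
    let (d, a, u) = ring_lens(q.size);
    for (name, base, len) in [("desc", q.desc, d), ("avail", q.avail, a), ("used", q.used, u)] {
        base.checked_add(len).ok_or(QueueError::Overflow(name))?;
    }
    Ok(())
}

/// Stand-in for a bounds-checked guest-memory read helper: every access is
/// validated against the backing memory, so an unmapped address yields None.
fn read_u16(mem: &[u8], addr: u64) -> Option<u16> {
    if addr > usize::MAX as u64 {
        return None;
    }
    let start = addr as usize;
    let end = start.checked_add(2)?;
    let b = mem.get(start..end)?;
    Some(u16::from_le_bytes([b[0], b[1]]))
}

fn main() {
    // Constructed sample values.
    let ok = RingAddrs { size: 256, desc: 0x1000, avail: 0x2000, used: 0x3000 };
    let wrap = RingAddrs { size: 256, desc: 0x1000, avail: u64::MAX - 8, used: 0x3000 };
    println!("{:?} {:?}", check_ready(&ok), check_ready(&wrap));
    // Passing the overflow check does not mean the address is mapped;
    // the per-access helper still rejects it.
    println!("{:?}", read_u16(&[0u8; 16], ok.avail));
}
```
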
README.md

crosvm - The Chrome OS Virtual Machine Monitor

crosvm is a virtual machine monitor (VMM) based on Linux’s KVM hypervisor, with a focus on simplicity, security, and speed. crosvm is intended to run Linux guests, originally as a security boundary for running native applications on the Chrome OS platform. Compared to QEMU, crosvm doesn’t emulate architectures or real hardware, instead concentrating on paravirtualized devices, such as the virtio standard.

crosvm is currently used to run Linux/Android guests on Chrome OS devices.
