vmsilo fork of vhost rust libraries
Since VhostUserMsgHeader implements ByteValued, it is supposed to be safe to construct from any correctly-sized arbitrary byte array. But that means we can do this:

    let bytes = b"\xFF\xFF\xFF\xFF\x00\x00\x00\x00\x00\x00\x00\x00";
    let header = VhostUserMsgHeader::<MasterReq>::from_slice(bytes).unwrap();
    header.get_code()

constructing an invalid MasterReq, using only functions that are marked as safe. Constructing an invalid enum value is undefined behavior in Rust, so this API is unsound. This wasn't considered by the safety comment in VhostUserMsgHeader::get_code, which only considered the safety of requests that were valid enum variants.

If the vhost-user frontend process sends a message that the backend doesn't recognise, that's exactly what will happen, so the UB can be triggered from an external process (but a trusted one).

To fix this, we need to check whether the value is valid _before_ converting it. Req::is_valid is changed to be a non-instance method, so it can be called before constructing the Req. VhostUserMsgHeader::get_code is changed to return a Result, to accommodate the case where the request number is not a valid value for R.

Signed-off-by: Alyssa Ross <alyssa.ross@unikie.com>
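The validate-before-convert pattern described in the commit message above, as an added example that is not code from the vhost crates. `DemoReq`, `Header`, `from_raw` and the `Error` variants are hypothetical stand-ins, and the conversion uses a safe `match` rather than whatever the crate does internally.

```rust
use std::marker::PhantomData;

/// Hypothetical stand-in for a request enum such as MasterReq.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum DemoReq { Noop = 0, GetFeatures = 1, SetFeatures = 2 }

#[derive(Debug, PartialEq, Eq)]
pub enum Error { InvalidMessage, BadLength }

pub trait Req: Sized + Copy {
    /// Checked conversion from the raw wire value; no enum exists until it succeeds.
    fn from_raw(raw: u32) -> Option<Self>;
    /// Associated function (no `self`), so it can run before a `Req` is built.
    fn is_valid(raw: u32) -> bool { Self::from_raw(raw).is_some() }
}

impl Req for DemoReq {
    fn from_raw(raw: u32) -> Option<Self> {
        match raw {
            0 => Some(DemoReq::Noop),
            1 => Some(DemoReq::GetFeatures),
            2 => Some(DemoReq::SetFeatures),
            _ => None, // unknown request number from the peer
        }
    }
}

/// The header stores the request as a plain u32, for which every bit pattern is valid.
#[allow(dead_code)]
pub struct Header<R: Req> { request: u32, flags: u32, size: u32, _req: PhantomData<R> }

impl<R: Req> Header<R> {
    pub fn from_slice(b: &[u8]) -> Result<Self, Error> {
        if b.len() != 12 { return Err(Error::BadLength); }
        let word = |i: usize| u32::from_ne_bytes([b[i], b[i + 1], b[i + 2], b[i + 3]]);
        Ok(Header { request: word(0), flags: word(4), size: word(8), _req: PhantomData })
    }
    /// Fallible: an unrecognised request number is an error, never an invalid enum.
    pub fn get_code(&self) -> Result<R, Error> {
        R::from_raw(self.request).ok_or(Error::InvalidMessage)
    }
}

fn main() {
    // Bytes from the commit message: request number 0xFFFFFFFF, flags 0, size 0.
    let bad = b"\xFF\xFF\xFF\xFF\x00\x00\x00\x00\x00\x00\x00\x00";
    println!("is_valid: {}", DemoReq::is_valid(0xFFFF_FFFF));
    println!("{:?}", Header::<DemoReq>::from_slice(bad).unwrap().get_code());
}
```

Because the header never holds an `R` directly, parsing arbitrary bytes stays sound and the only place a request enum is produced is the checked conversion.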
vhost
The vhost workspace hosts libraries related to the vhost and vhost-user
protocols. It currently consists of the following crates:
- vhost -> A pure rust library for vDPA, vhost and vhost-user.
- vhost-user-backend -> It provides a framework to implement vhost-user backend services.