gentoo/app-emulation/qemu/files/qemu-2.5.0-rng-stack-corrupt-3.patch

180 lines
5.4 KiB
Diff

From 60253ed1e6ec6d8e5ef2efe7bf755f475dce9956 Mon Sep 17 00:00:00 2001
From: Ladi Prosek <lprosek@redhat.com>
Date: Thu, 3 Mar 2016 09:37:18 +0100
Subject: [PATCH] rng: add request queue support to rng-random
Requests are now created in the RngBackend parent class and the
code path is shared by both rng-egd and rng-random.
This commit fixes the rng-random implementation which processed
only one request at a time and simply discarded all but the most
recent one. In the guest this manifested as delayed completion
of reads from virtio-rng, i.e. a read was completed only after
another read was issued.
By switching rng-random to use the same request queue as rng-egd,
the unsafe stack-based allocation of the entropy buffer is
eliminated and replaced with g_malloc.
Signed-off-by: Ladi Prosek <lprosek@redhat.com>
Reviewed-by: Amit Shah <amit.shah@redhat.com>
Message-Id: <1456994238-9585-5-git-send-email-lprosek@redhat.com>
Signed-off-by: Amit Shah <amit.shah@redhat.com>
---
backends/rng-egd.c | 16 ++--------------
backends/rng-random.c | 43 +++++++++++++++++++------------------------
backends/rng.c | 13 ++++++++++++-
include/sysemu/rng.h | 3 +--
4 files changed, 34 insertions(+), 41 deletions(-)
diff --git a/backends/rng-egd.c b/backends/rng-egd.c
index 8f2bd16..30332ed 100644
--- a/backends/rng-egd.c
+++ b/backends/rng-egd.c
@@ -27,20 +27,10 @@ typedef struct RngEgd
char *chr_name;
} RngEgd;
-static void rng_egd_request_entropy(RngBackend *b, size_t size,
- EntropyReceiveFunc *receive_entropy,
- void *opaque)
+static void rng_egd_request_entropy(RngBackend *b, RngRequest *req)
{
RngEgd *s = RNG_EGD(b);
- RngRequest *req;
-
- req = g_malloc(sizeof(*req));
-
- req->offset = 0;
- req->size = size;
- req->receive_entropy = receive_entropy;
- req->opaque = opaque;
- req->data = g_malloc(req->size);
+ size_t size = req->size;
while (size > 0) {
uint8_t header[2];
@@ -54,8 +44,6 @@ static void rng_egd_request_entropy(RngBackend *b, size_t size,
size -= len;
}
-
- s->parent.requests = g_slist_append(s->parent.requests, req);
}
static int rng_egd_chr_can_read(void *opaque)
diff --git a/backends/rng-random.c b/backends/rng-random.c
index 8cdad6a..a6cb385 100644
--- a/backends/rng-random.c
+++ b/backends/rng-random.c
@@ -22,10 +22,6 @@ struct RndRandom
int fd;
char *filename;
-
- EntropyReceiveFunc *receive_func;
- void *opaque;
- size_t size;
};
/**
@@ -38,36 +34,35 @@ struct RndRandom
static void entropy_available(void *opaque)
{
RndRandom *s = RNG_RANDOM(opaque);
- uint8_t buffer[s->size];
- ssize_t len;
- len = read(s->fd, buffer, s->size);
- if (len < 0 && errno == EAGAIN) {
- return;
- }
- g_assert(len != -1);
+ while (s->parent.requests != NULL) {
+ RngRequest *req = s->parent.requests->data;
+ ssize_t len;
+
+ len = read(s->fd, req->data, req->size);
+ if (len < 0 && errno == EAGAIN) {
+ return;
+ }
+ g_assert(len != -1);
- s->receive_func(s->opaque, buffer, len);
- s->receive_func = NULL;
+ req->receive_entropy(req->opaque, req->data, len);
+ rng_backend_finalize_request(&s->parent, req);
+ }
+
+ /* We've drained all requests, the fd handler can be reset. */
qemu_set_fd_handler(s->fd, NULL, NULL, NULL);
}
-static void rng_random_request_entropy(RngBackend *b, size_t size,
- EntropyReceiveFunc *receive_entropy,
- void *opaque)
+static void rng_random_request_entropy(RngBackend *b, RngRequest *req)
{
RndRandom *s = RNG_RANDOM(b);
- if (s->receive_func) {
- s->receive_func(s->opaque, NULL, 0);
+ if (s->parent.requests == NULL) {
+ /* If there are no pending requests yet, we need to
+ * install our fd handler. */
+ qemu_set_fd_handler(s->fd, entropy_available, NULL, s);
}
-
- s->receive_func = receive_entropy;
- s->opaque = opaque;
- s->size = size;
-
- qemu_set_fd_handler(s->fd, entropy_available, NULL, s);
}
static void rng_random_opened(RngBackend *b, Error **errp)
diff --git a/backends/rng.c b/backends/rng.c
index 014cb9d..277a41b 100644
--- a/backends/rng.c
+++ b/backends/rng.c
@@ -20,9 +20,20 @@ void rng_backend_request_entropy(RngBackend *s, size_t size,
void *opaque)
{
RngBackendClass *k = RNG_BACKEND_GET_CLASS(s);
+ RngRequest *req;
if (k->request_entropy) {
- k->request_entropy(s, size, receive_entropy, opaque);
+ req = g_malloc(sizeof(*req));
+
+ req->offset = 0;
+ req->size = size;
+ req->receive_entropy = receive_entropy;
+ req->opaque = opaque;
+ req->data = g_malloc(req->size);
+
+ k->request_entropy(s, req);
+
+ s->requests = g_slist_append(s->requests, req);
}
}
diff --git a/include/sysemu/rng.h b/include/sysemu/rng.h
index 08a2eda..4fffd68 100644
--- a/include/sysemu/rng.h
+++ b/include/sysemu/rng.h
@@ -45,8 +45,7 @@ struct RngBackendClass
{
ObjectClass parent_class;
- void (*request_entropy)(RngBackend *s, size_t size,
- EntropyReceiveFunc *receive_entropy, void *opaque);
+ void (*request_entropy)(RngBackend *s, RngRequest *req);
void (*opened)(RngBackend *s, Error **errp);
};
--
2.7.4