From 3be5cc23245637577210e43e68dd3babd01fbb5e Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Tue, 15 Mar 2016 19:34:16 +0100 Subject: [PATCH] target-ppc: Document TOCTTOU in hugepage support MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit The code to find the minimum page size is is vulnerable to TOCTTOU. Added in commit 2d103aa "target-ppc: fix hugepage support when using memory-backend-file" (v2.4.0). Since I can't fix it myself right now, add a FIXME comment. Cc: Paolo Bonzini Cc: Michael Roth Signed-off-by: Markus Armbruster Message-Id: <1458066895-20632-2-git-send-email-armbru@redhat.com> Reviewed-by: Marc-André Lureau --- target-ppc/kvm.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/target-ppc/kvm.c b/target-ppc/kvm.c index 776336b..2fc9931 100644 --- a/target-ppc/kvm.c +++ b/target-ppc/kvm.c @@ -333,6 +333,12 @@ static long gethugepagesize(const char *mem_path) return fs.f_bsize; } +/* + * FIXME TOCTTOU: this iterates over memory backends' mem-path, which + * may or may not name the same files / on the same filesystem now as + * when we actually open and map them. Iterate over the file + * descriptors instead, and use qemu_fd_getpagesize(). + */ static int find_max_supported_pagesize(Object *obj, void *opaque) { char *mem_path; -- 2.7.4