HV: add size check for shell log buffer usage

add size check for other hypervisor console command; they could be overflow for shell log buffer output. Tracked-On: #1587 Signed-off-by: Minggui Cao <minggui.cao@intel.com> Reviewed-by: Yin Fengwei <fengwei.yin@intel.com> Acked-by: Eddie Dong <eddie.dong@intel.com>
2025-06-22 21:47:22 +00:00 · 2018-11-01 11:53:52 +08:00 · 2018-11-01 11:53:52 +08:00 · b74720636b
commit b74720636b
parent b048835c45
5 changed files with 92 additions and 39 deletions
--- a/hypervisor/arch/x86/assign.c
+++ b/hypervisor/arch/x86/assign.c
@ -855,8 +855,10 @@ void get_ptdev_info(char *str_arg, size_t str_max)
 	uint32_t bdf, vbdf;
 	struct list_head *pos;

-	len = snprintf(str, size,
-		"\r\nVM\tTYPE\tIRQ\tVEC\tDEST\tTM\tPIN\tVPIN\tBDF\tVBDF");
+	len = snprintf(str, size, "\r\nVM\tTYPE\tIRQ\tVEC\tDEST\tTM\tPIN\tVPIN\tBDF\tVBDF");
+	if (len >= size) {
+		goto overflow;
+	}
 	size -= len;
 	str += len;

@ -868,22 +870,25 @@ void get_ptdev_info(char *str_arg, size_t str_max)
 			get_entry_info(entry, type, &irq, &vector,
 					&dest, &lvl_tm, &pin, &vpin,
 					&bdf, &vbdf);
-			len = snprintf(str, size,
-					"\r\n%d\t%s\t%d\t0x%X\t0x%X",
-					entry->vm->vm_id, type,
-					irq, vector, dest);
+			len = snprintf(str, size, "\r\n%d\t%s\t%d\t0x%X\t0x%X",
+					entry->vm->vm_id, type, irq, vector, dest);
+			if (len >= size) {
+				spinlock_release(&ptdev_lock);
+				goto overflow;
+			}
 			size -= len;
 			str += len;

-			len = snprintf(str, size,
-					"\t%s\t%hhu\t%hhu\t%x:%x.%x\t%x:%x.%x",
-					is_entry_active(entry) ?
-					(lvl_tm ? "level" : "edge") : "none",
-					pin, vpin,
-					(bdf & 0xff00U) >> 8U,
+			len = snprintf(str, size, "\t%s\t%hhu\t%hhu\t%x:%x.%x\t%x:%x.%x",
+					is_entry_active(entry) ? (lvl_tm ? "level" : "edge") : "none",
+					pin, vpin, (bdf & 0xff00U) >> 8U,
 					(bdf & 0xf8U) >> 3U, bdf & 0x7U,
 					(vbdf & 0xff00U) >> 8U,
 					(vbdf & 0xf8U) >> 3U, vbdf & 0x7U);
+			if (len >= size) {
+				spinlock_release(&ptdev_lock);
+				goto overflow;
+			}
 			size -= len;
 			str += len;
 		}
@ -891,5 +896,9 @@ void get_ptdev_info(char *str_arg, size_t str_max)
 	spinlock_release(&ptdev_lock);

 	snprintf(str, size, "\r\n");
+	return;
+
+overflow:
+	printf("buffer size could not be enough! please check!\n");
 }
 #endif /* HV_DEBUG */
--- a/hypervisor/arch/x86/guest/vcpu.c
+++ b/hypervisor/arch/x86/guest/vcpu.c
@ -668,6 +668,9 @@ void vcpu_dumpreg(void *data)
 		vcpu_get_gpreg(vcpu, CPU_REG_R13),
 		vcpu_get_gpreg(vcpu, CPU_REG_R14),
 		vcpu_get_gpreg(vcpu, CPU_REG_R15));
+	if (len >= size) {
+		goto overflow;
+	}
 	size -= len;
 	str += len;

@ -678,24 +681,34 @@ void vcpu_dumpreg(void *data)
 	if (status < 0) {
 		/* copy_from_gva fail */
 		len = snprintf(str, size, "Cannot handle user gva yet!\r\n");
+		if (len >= size) {
+			goto overflow;
+		}
 		size -= len;
 		str += len;
 	} else {
-		len = snprintf(str, size,
-			"\r\nDump RSP for vm %hu, from gva 0x%016llx\r\n",
+		len = snprintf(str, size, "\r\nDump RSP for vm %hu, from gva 0x%016llx\r\n",
 			vcpu->vm->vm_id, vcpu_get_gpreg(vcpu, CPU_REG_RSP));
+		if (len >= size) {
+			goto overflow;
+		}
 		size -= len;
 		str += len;

 		for (i = 0UL; i < 8UL; i++) {
-			len = snprintf(str, size, "=  0x%016llx  0x%016llx  "
-					"0x%016llx  0x%016llx\r\n",
-					tmp[i*4UL], tmp[(i*4UL)+1UL],
-					tmp[(i*4UL)+2UL], tmp[(i*4UL)+3UL]);
+			len = snprintf(str, size, "=  0x%016llx  0x%016llx 0x%016llx  0x%016llx\r\n",
+					tmp[i*4UL], tmp[(i*4UL)+1UL], tmp[(i*4UL)+2UL], tmp[(i*4UL)+3UL]);
+			if (len >= size) {
+				goto overflow;
+			}
 			size -= len;
 			str += len;
 		}
 	}
+	return;
+
+overflow:
+	printf("buffer size could not be enough! please check!\n");
 }
 #else
 void vcpu_dumpreg(__unused void *data)
--- a/hypervisor/arch/x86/ioapic.c
+++ b/hypervisor/arch/x86/ioapic.c
@ -445,8 +445,10 @@ int get_ioapic_info(char *str_arg, size_t str_max_len)
 	uint32_t irq;
 	size_t len, size = str_max_len;

-	len = snprintf(str, size,
-	"\r\nIRQ\tPIN\tRTE.HI32\tRTE.LO32\tVEC\tDST\tDM\tTM\tDELM\tIRR\tMASK");
+	len = snprintf(str, size, "\r\nIRQ\tPIN\tRTE.HI32\tRTE.LO32\tVEC\tDST\tDM\tTM\tDELM\tIRR\tMASK");
+	if (len >= size) {
+		goto overflow;
+	}
 	size -= len;
 	str += len;

@ -463,24 +465,27 @@ int get_ioapic_info(char *str_arg, size_t str_max_len)
 		get_rte_info(rte, &mask, &irr, &phys, &delmode, &level,
 			&vector, &dest);

-		len = snprintf(str, size, "\r\n%03d\t%03hhu\t0x%08X\t0x%08X\t",
-			irq, pin, rte.u.hi_32, rte.u.lo_32);
+		len = snprintf(str, size, "\r\n%03d\t%03hhu\t0x%08X\t0x%08X\t", irq, pin, rte.u.hi_32, rte.u.lo_32);
+		if (len >= size) {
+			goto overflow;
+		}
 		size -= len;
 		str += len;

 		len = snprintf(str, size, "0x%02X\t0x%02X\t%s\t%s\t%u\t%d\t%d",
-			vector, dest, phys ? "phys" : "logic",
-			level ? "level" : "edge", delmode >> 8, irr, mask);
+			vector, dest, phys ? "phys" : "logic", level ? "level" : "edge", delmode >> 8, irr, mask);
+		if (len >= size) {
+			goto overflow;
+		}
 		size -= len;
 		str += len;
-
-		if (size < 2U) {
-			pr_err("\r\nsmall buffer for ioapic dump");
-			return -1;
-		}
 	}

 	snprintf(str, size, "\r\n");
 	return 0;
+
+overflow:
+	printf("buffer size could not be enough! please check!\n");
+	return 0;
 }
 #endif /* HV_DEBUG */
--- a/hypervisor/arch/x86/irq.c
+++ b/hypervisor/arch/x86/irq.c
@ -411,10 +411,17 @@ void get_cpu_interrupt_info(char *str_arg, size_t str_max)
 	size_t len, size = str_max;

 	len = snprintf(str, size, "\r\nIRQ\tVECTOR");
+	if (len >= size) {
+		goto overflow;
+	}
 	size -= len;
 	str += len;
+
 	for (pcpu_id = 0U; pcpu_id < phys_cpu_num; pcpu_id++) {
 		len = snprintf(str, size, "\tCPU%d", pcpu_id);
+		if (len >= size) {
+			goto overflow;
+		}
 		size -= len;
 		str += len;
 	}
@ -425,17 +432,27 @@ void get_cpu_interrupt_info(char *str_arg, size_t str_max)
 			irq_alloc_bitmap + (irq >> 6U))
 			&& (vector != VECTOR_INVALID)) {
 			len = snprintf(str, size, "\r\n%d\t0x%X", irq, vector);
+			if (len >= size) {
+				goto overflow;
+			}
 			size -= len;
 			str += len;
+
 			for (pcpu_id = 0U; pcpu_id < phys_cpu_num; pcpu_id++) {
-				len = snprintf(str, size, "\t%d",
-					per_cpu(irq_count, pcpu_id)[irq]);
+				len = snprintf(str, size, "\t%d", per_cpu(irq_count, pcpu_id)[irq]);
+				if (len >= size) {
+					goto overflow;
+				}
 				size -= len;
 				str += len;
 			}
 		}
 	}
 	snprintf(str, size, "\r\n");
+	return;
+
+overflow:
+	printf("buffer size could not be enough! please check!\n");
 }
 #endif /* HV_DEBUG */

--- a/hypervisor/dm/vioapic.c
+++ b/hypervisor/dm/vioapic.c
@ -586,15 +586,19 @@ void get_vioapic_info(char *str_arg, size_t str_max, uint16_t vmid)
 	uint32_t pin, pincount;

 	if (vm == NULL) {
-		len = snprintf(str, size,
-			"\r\nvm is not exist for vmid %hu", vmid);
+		len = snprintf(str, size, "\r\nvm is not exist for vmid %hu", vmid);
+		if (len >= size) {
+			goto overflow;
+		}
 		size -= len;
 		str += len;
 		goto END;
 	}

-	len = snprintf(str, size,
-		"\r\nPIN\tVEC\tDM\tDEST\tTM\tDELM\tIRR\tMASK");
+	len = snprintf(str, size, "\r\nPIN\tVEC\tDM\tDEST\tTM\tDELM\tIRR\tMASK");
+	if (len >= size) {
+		goto overflow;
+	}
 	size -= len;
 	str += len;

@ -610,15 +614,20 @@ void get_vioapic_info(char *str_arg, size_t str_max, uint16_t vmid)
 		vector = rte.u.lo_32 & IOAPIC_RTE_LOW_INTVEC;
 		dest = (uint32_t)(rte.full >> IOAPIC_RTE_DEST_SHIFT);

-		len = snprintf(str, size,
-				"\r\n%hhu\t0x%X\t%s\t0x%X\t%s\t%u\t%d\t%d",
-				pin, vector, phys ? "phys" : "logic",
-				dest, level ? "level" : "edge",
+		len = snprintf(str, size, "\r\n%hhu\t0x%X\t%s\t0x%X\t%s\t%u\t%d\t%d",
+				pin, vector, phys ? "phys" : "logic", dest, level ? "level" : "edge",
 				delmode >> 8U, remote_irr, mask);
+		if (len >= size) {
+			goto overflow;
+		}
 		size -= len;
 		str += len;
 	}
 END:
 	snprintf(str, size, "\r\n");
+	return;
+
+overflow:
+	printf("buffer size could not be enough! please check!\n");
 }
 #endif /* HV_DEBUG */