diff options
| author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-12-08 04:04:48 +0000 |
|---|---|---|
| committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-12-08 04:04:48 +0000 |
| commit | a93ccde220f56901c82a9705d548c939e35d4753 (patch) | |
| tree | 654c391a6c77c02d72e2d52b65eb6e1a042ef3a9 | |
| parent | 228a911899dea8b5e9ff39b8313cefacb82d7ef4 (diff) | |
| parent | a1aa34909cab8726d857cf65d1af8759e1c49c21 (diff) | |
| download | crosvm-android13-security-release.tar.gz | |
Merge cherrypicks of ['ag/20586865'] into security-aosp-tm-release.android-security-13.0.0_r9android-security-13.0.0_r8android-security-13.0.0_r7android-security-13.0.0_r6android-security-13.0.0_r5android-security-13.0.0_r4android-security-13.0.0_r3android-security-13.0.0_r2android-security-13.0.0_r17android-security-13.0.0_r16android-security-13.0.0_r15android-security-13.0.0_r14android-security-13.0.0_r13android-security-13.0.0_r12android-security-13.0.0_r11android-security-13.0.0_r10android13-security-release
Change-Id: I194db72d87c0c1f2e45e73fa78bf949d782b34e9
| -rw-r--r-- | devices/src/virtio/queue.rs | 7 | ||||
| -rw-r--r-- | vm_memory/src/guest_memory.rs | 23 |
2 files changed, 24 insertions, 6 deletions
diff --git a/devices/src/virtio/queue.rs b/devices/src/virtio/queue.rs index a436f748f..1e4d8bdfb 100644 --- a/devices/src/virtio/queue.rs +++ b/devices/src/virtio/queue.rs @@ -162,11 +162,8 @@ impl DescriptorChain { if self.len > 0 { match self.get_mem_regions() { Ok(regions) => { - if regions.iter().any(|r| { - self.mem - .checked_offset(r.gpa, r.len as u64 - 1u64) - .is_none() - }) { + // Each region in `self.regions` must be a contiguous range in `self.mem`. + if !regions.iter().all(|r| self.mem.is_valid_range(r.gpa, r.len as u64)) { return false; } } diff --git a/vm_memory/src/guest_memory.rs b/vm_memory/src/guest_memory.rs index 47c3ba4fd..7c5b4d407 100644 --- a/vm_memory/src/guest_memory.rs +++ b/vm_memory/src/guest_memory.rs @@ -315,7 +315,10 @@ impl GuestMemory { .any(|region| region.start() < end && start < region.end()) } - /// Returns the address plus the offset if it is in range. + /// Returns an address `addr + offset` if it's in range. + /// + /// This function doesn't care whether a region `[addr, addr + offset)` is in range or not. To + /// guarantee it's a valid range, use `is_valid_range()` instead. pub fn checked_offset(&self, addr: GuestAddress, offset: u64) -> Option<GuestAddress> { addr.checked_add(offset).and_then(|a| { if self.address_in_range(a) { @@ -326,6 +329,24 @@ impl GuestMemory { }) } + /// Returns true if the given range `[start, start + length)` is a valid contiguous memory + /// range available to the guest and it's backed by a single underlying memory region. + pub fn is_valid_range(&self, start: GuestAddress, length: u64) -> bool { + if length == 0 { + return false; + } + + let end = if let Some(end) = start.checked_add(length - 1) { + end + } else { + return false; + }; + + self.regions + .iter() + .any(|region| region.start() <= start && end < region.end()) + } + /// Returns the size of the memory region in bytes. pub fn num_regions(&self) -> u64 { self.regions.len() as u64 |