Verifying buffer for zero copy routines #360
Labels
Comments
|
Right, a test is done to check that buffer is not null but not that the buffer is valid. Checking that the buffer is in the shared memory prevents from writing in other memory but not prevent to corrupt other buffers or vrings. On the other hand , to many checks on buffer would impact the performance. for this issue, a pull request would allow a better understanding of the impact. |
|
This issue has been marked as a stale issue because it has been open (more than) 45 days with no activity. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The following API functions take a buffer address as an input parameter but do not validate that the buffer is valid; rpmsg_hold_rx_buffer, rpmsg_release_rx_buffer, rpmsg_send_offchannel_nocopy.
I suggest adding checks that the buffer plus any data is within the range of valid shared memory within the rpmsg_virtio.c routines.
The text was updated successfully, but these errors were encountered: