From: VMware, Inc <> Date: Tue, 24 Aug 2010 17:54:34 +0000 (-0700) Subject: When a handle being passed down to VMCIDoorbell_Create() was not initialized X-Git-Tag: 2010.08.24-292196~75 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3225e5e0ef726b07a998cc1eddb35645edf514b5;p=thirdparty%2Fopen-vm-tools.git When a handle being passed down to VMCIDoorbell_Create() was not initialized to VMCI_INVALID_HANDLE, a doorbell was being created with context id 0 (hypervisor id) and a large resource id (likely the garbage value in handle.resource). On the guest side, modified VMCINotifyHashAddEntry so that if the handle passed down is not VMCI_INVALID_HANDLE and if the context id of the handle is not the context id of the VM, VMCI_ERROR_INVALID_ARGS will be returned. Signed-off-by: Marcelo Vanzin --- diff --git a/open-vm-tools/modules/linux/vmci/vmciNotifications.c b/open-vm-tools/modules/linux/vmci/vmciNotifications.c index e04f1ce4a..740fcda22 100644 --- a/open-vm-tools/modules/linux/vmci/vmciNotifications.c +++ b/open-vm-tools/modules/linux/vmci/vmciNotifications.c @@ -257,6 +257,14 @@ VMCINotifyHashAddEntry(VMCINotifyHashEntry *entry) // IN goto out; } entry->handle = newHandle; + } else if (VMCI_GetContextID() != entry->handle.context) { + /* + * The context id passed down should either be invalid or + * the context id of the guest. + */ + + result = VMCI_ERROR_INVALID_ARGS; + goto out; } if (VMCINotifyHashFindByHandle(entry->handle, entry->doorbell, &bucket)) {
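Review bot: the new `else if (VMCI_GetContextID() != entry->handle.context)` branch in VMCINotifyHashAddEntry() validates only the context field, so an uninitialized handle whose context happens to equal the guest's context id still passes and reaches VMCINotifyHashFindByHandle() with whatever value is in handle.resource. The commit message gives the root cause as callers not initializing the handle to VMCI_INVALID_HANDLE, so that requirement should be stated in the function header comments of VMCIDoorbell_Create() and VMCINotifyHashAddEntry(), where callers will see it, and not only in this branch. The added comment would also be clearer if it said "handle" rather than "context id" for the invalid case, since the commit message describes the test as the handle not being VMCI_INVALID_HANDLE. Style: the blank line between the comment block and `result = VMCI_ERROR_INVALID_ARGS;` can be dropped.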