From: VMware, Inc <> Date: Tue, 24 Aug 2010 18:32:07 +0000 (-0700) Subject: Null Pointer Check X-Git-Tag: 2010.08.24-292196~31 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5fb7f000b6a42d0bac005b1c8c0675c7679b04fb;p=thirdparty%2Fopen-vm-tools.git Null Pointer Check 1. Modified all exported functions to validate the input parameter for non-null. 2. Modified VMCIQPair_Detach to return a result (instead of void) based on success/failure of the detach operation. 3. Bumped the guest driver version. Note: Functions calling VMCIQPair_Detach (like vsock module) should probably start checking the result now. However, this would most likely not affect existing calls. Signed-off-by: Marcelo Vanzin --- diff --git a/open-vm-tools/modules/linux/shared/vmciKernelAPI.h b/open-vm-tools/modules/linux/shared/vmciKernelAPI.h index 953c31758..5ebbe1ad3 100644 --- a/open-vm-tools/modules/linux/shared/vmciKernelAPI.h +++ b/open-vm-tools/modules/linux/shared/vmciKernelAPI.h @@ -105,15 +105,15 @@ int VMCIQPair_Alloc(VMCIQPair **qpair, uint32 flags, VMCIPrivilegeFlags privFlags); -void VMCIQPair_Detach(VMCIQPair **qpair); +int VMCIQPair_Detach(VMCIQPair **qpair); void VMCIQPair_Init(VMCIQPair *qpair); -void VMCIQPair_GetProduceIndexes(const VMCIQPair *qpair, - uint64 *producerTail, - uint64 *consumerHead); -void VMCIQPair_GetConsumeIndexes(const VMCIQPair *qpair, - uint64 *consumerTail, - uint64 *producerHead); +int VMCIQPair_GetProduceIndexes(const VMCIQPair *qpair, + uint64 *producerTail, + uint64 *consumerHead); +int VMCIQPair_GetConsumeIndexes(const VMCIQPair *qpair, + uint64 *consumerTail, + uint64 *producerHead); int64 VMCIQPair_ProduceFreeSpace(const VMCIQPair *qpair); int64 VMCIQPair_ProduceBufReady(const VMCIQPair *qpair); int64 VMCIQPair_ConsumeFreeSpace(const VMCIQPair *qpair); diff --git a/open-vm-tools/modules/linux/vmci/vmciQPair.c b/open-vm-tools/modules/linux/vmci/vmciQPair.c index 92ac7e167..76b41c9f0 100644 
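Review bot: The new `int` return of `VMCIQPair_Detach` is undocumented in the header, even though the commit message itself says callers such as the vsock module should start checking it. A comment on the prototype would put the contract where callers look: `/* Returns VMCI_SUCCESS, or a negative VMCI_ERROR_* code (VMCI_ERROR_INVALID_ARGS when qpair or *qpair is NULL); on failure the VMCIQPair is not freed and *qpair is left unchanged. */` The `VMCIQPair_GetProduceIndexes` and `VMCIQPair_GetConsumeIndexes` prototypes deserve the same treatment, since their .c bodies in this commit now return `VMCI_ERROR_INVALID_SIZE` when an index is at or beyond the queue size. Note that `VMCIQPair_Init` stays `void` here while its Results comment in vmciQPair.c is changed to advertise an error return.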
--- a/open-vm-tools/modules/linux/vmci/vmciQPair.c +++ b/open-vm-tools/modules/linux/vmci/vmciQPair.c @@ -178,7 +178,7 @@ VMCIQPair_Alloc(VMCIQPair **qpair, // OUT * VMCIQPair structure, too. * * Results: - * None. + * An error, if < 0. * * Side effects: * Will clear the caller's pointer to the VMCIQPair structure. @@ -186,27 +186,37 @@ VMCIQPair_Alloc(VMCIQPair **qpair, // OUT *----------------------------------------------------------------------------- */ -void +int VMCIQPair_Detach(VMCIQPair **qpair) // IN/OUT { - VMCIQPair *oldQPair = *qpair; + int result; + VMCIQPair *oldQPair; - VMCIQueuePair_Detach(oldQPair->handle); + if (!qpair || !(*qpair)) { + return VMCI_ERROR_INVALID_ARGS; + } + + oldQPair = *qpair; + result = VMCIQueuePair_Detach(oldQPair->handle); + if (result >= VMCI_SUCCESS) { #ifdef DEBUG - oldQPair->handle = VMCI_INVALID_HANDLE; - oldQPair->produceQ = NULL; - oldQPair->consumeQ = NULL; - oldQPair->produceQSize = 0; - oldQPair->consumeQSize = 0; - oldQPair->flags = 0; - oldQPair->privFlags = 0; - oldQPair->peer = VMCI_INVALID_ID; + oldQPair->handle = VMCI_INVALID_HANDLE; + oldQPair->produceQ = NULL; + oldQPair->consumeQ = NULL; + oldQPair->produceQSize = 0; + oldQPair->consumeQSize = 0; + oldQPair->flags = 0; + oldQPair->privFlags = 0; + oldQPair->peer = VMCI_INVALID_ID; #endif - VMCI_FreeKernelMem(oldQPair, sizeof *oldQPair); + VMCI_FreeKernelMem(oldQPair, sizeof *oldQPair); + + *qpair = NULL; + } - *qpair = NULL; + return result; } @@ -286,7 +296,7 @@ VMCIQPairUnlock(const VMCIQPair *qpair) // IN * pointers. * * Results: - * None. + * err, if < 0 * * Side effects: * Windows blocking call. @@ -299,7 +309,9 @@ VMCIQPair_Init(VMCIQPair *qpair) { VMCIQPairLock(qpair); - if (NULL != qpair->produceQ && NULL != qpair->produceQ->qHeader) { + if (NULL != qpair && + NULL != qpair->produceQ && + NULL != qpair->produceQ->qHeader) { VMCIQueueHeader_Init(qpair->produceQ->qHeader, qpair->handle); } 
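Review bot: The new Results text `An error, if < 0.` for `VMCIQPair_Detach` leaves the failure-path ownership unstated, although the body only frees the structure and clears the caller's pointer when `VMCIQueuePair_Detach` succeeds. I would spell it out: `VMCI_SUCCESS, or a negative VMCI_ERROR_* code (VMCI_ERROR_INVALID_ARGS if qpair or *qpair is NULL). On error the VMCIQPair is not freed and *qpair is left unchanged, so the caller still owns it.` Callers that relied on the pointer always being cleared need to know this. The comment block begins outside the hunk.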
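Review bot: The Results text becomes `err, if < 0` in the comment block that, judging by the hunk that follows, heads `VMCIQPair_Init`, but that function is still declared `void` in vmciKernelAPI.h in this same commit and its body returns nothing. Either the comment should stay `None.` or Init should return `int` like the other exported functions touched here, with `VMCI_ERROR_INVALID_ARGS` for a NULL `qpair`; as committed, the documentation promises an error code the caller can never receive. The comment block starts outside the hunk.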
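Review bot: In `VMCIQPair_Init` the new `NULL != qpair` test comes after `VMCIQPairLock(qpair)` has already been called on the same pointer, so if the lock helper touches `*qpair` (likely, but its body is not in this diff) the guard is too late, and the NULL pointer presumably also reaches the matching unlock after the hunk. The guard belongs before the lock with an early return, matching every other function in this change: `if (!qpair) { return; }` placed above `VMCIQPairLock(qpair);`, leaving only the `produceQ`/`qHeader` tests inside the locked region. The function's tail is outside the hunk.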
@@ -316,7 +328,8 @@ VMCIQPair_Init(VMCIQPair *qpair) * QPair from the point of the view of the caller as the producer. * * Results: - * None. + * err, if < 0 + * Success otherwise. * * Side effects: * Windows blocking call. @@ -324,11 +337,15 @@ VMCIQPair_Init(VMCIQPair *qpair) *----------------------------------------------------------------------------- */ -void +int VMCIQPair_GetProduceIndexes(const VMCIQPair *qpair, // IN uint64 *producerTail, // OUT uint64 *consumerHead) // OUT { + if (!qpair) { + return VMCI_ERROR_INVALID_ARGS; + } + VMCIQPairLock(qpair); VMCIQueueHeader_GetPointers(qpair->produceQ->qHeader, @@ -337,6 +354,13 @@ VMCIQPair_GetProduceIndexes(const VMCIQPair *qpair, // IN consumerHead); VMCIQPairUnlock(qpair); + + if ((producerTail && *producerTail >= qpair->produceQSize) || + (consumerHead && *consumerHead >= qpair->produceQSize)) { + return VMCI_ERROR_INVALID_SIZE; + } + + return VMCI_SUCCESS; } @@ -349,7 +373,8 @@ VMCIQPair_GetProduceIndexes(const VMCIQPair *qpair, // IN * QPair from the point of the view of the caller as the consumer. * * Results: - * None. + * err, if < 0 + * Success otherwise. * * Side effects: * Windows blocking call. @@ -357,11 +382,15 @@ VMCIQPair_GetProduceIndexes(const VMCIQPair *qpair, // IN *----------------------------------------------------------------------------- */ -void +int VMCIQPair_GetConsumeIndexes(const VMCIQPair *qpair, // IN uint64 *consumerTail, // OUT uint64 *producerHead) // OUT { + if (!qpair) { + return VMCI_ERROR_INVALID_ARGS; + } + VMCIQPairLock(qpair); VMCIQueueHeader_GetPointers(qpair->consumeQ->qHeader, @@ -370,6 +399,13 @@ VMCIQPair_GetConsumeIndexes(const VMCIQPair *qpair, // IN producerHead); VMCIQPairUnlock(qpair); + + if ((consumerTail && *consumerTail >= qpair->consumeQSize) || + (producerHead && *producerHead >= qpair->consumeQSize)) { + return VMCI_ERROR_INVALID_SIZE; + } + + return VMCI_SUCCESS; } #if defined __linux__ && !defined VMKERNEL 
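Review bot: `VMCIQPair_GetProduceIndexes` now rejects a NULL `qpair` but still dereferences `qpair->produceQ->qHeader` unconditionally, while `VMCIQPair_Init` in this same commit guards both `qpair->produceQ` and `produceQ->qHeader` against NULL before using them. If those fields can be NULL in some state (Init's guard suggests so), the new check only moves the crash one level down; if they cannot, Init's guard is dead code, and either way the two functions should agree. Where they can be NULL, I would add `if (!qpair->produceQ || !qpair->produceQ->qHeader) { VMCIQPairUnlock(qpair); return VMCI_ERROR_INVALID_ARGS; }` after the lock, and the mirror for `consumeQ` in `VMCIQPair_GetConsumeIndexes`. Whether that test must run under the lock depends on VMCIQPairLock, which is outside this diff.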
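Review bot: The new range check in `VMCIQPair_GetProduceIndexes` runs after `VMCIQueueHeader_GetPointers` has already stored into `*producerTail` and `*consumerHead`, so when it returns `VMCI_ERROR_INVALID_SIZE` the caller's output variables already hold the out-of-range values. That is acceptable only if documented, and the Results block in the hunk above says just `err, if < 0`. Either add `On VMCI_ERROR_INVALID_SIZE the output indexes have still been written and must not be used.` to the Results, or clear the outputs before returning. The consume-side check further down this file has the same shape.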
@@ -404,6 +440,10 @@ VMCIQPair_ProduceFreeSpace(const VMCIQPair *qpair) // IN { int64 result; + if (!qpair) { + return VMCI_ERROR_INVALID_ARGS; + } + VMCIQPairLock(qpair); result = VMCIQueueHeader_FreeSpace(qpair->produceQ->qHeader, @@ -442,6 +482,10 @@ VMCIQPair_ConsumeFreeSpace(const VMCIQPair *qpair) // IN { int64 result; + if (!qpair) { + return VMCI_ERROR_INVALID_ARGS; + } + VMCIQPairLock(qpair); result = VMCIQueueHeader_FreeSpace(qpair->consumeQ->qHeader, @@ -480,6 +524,10 @@ VMCIQPair_ProduceBufReady(const VMCIQPair *qpair) // IN { int64 result; + if (!qpair) { + return VMCI_ERROR_INVALID_ARGS; + } + VMCIQPairLock(qpair); result = VMCIQueueHeader_BufReady(qpair->produceQ->qHeader, @@ -517,6 +565,10 @@ VMCIQPair_ConsumeBufReady(const VMCIQPair *qpair) // IN { int64 result; + if (!qpair) { + return VMCI_ERROR_INVALID_ARGS; + } + VMCIQPairLock(qpair); result = VMCIQueueHeader_BufReady(qpair->consumeQ->qHeader, @@ -713,6 +765,10 @@ VMCIQPair_Enqueue(VMCIQPair *qpair, // IN { ssize_t result; + if (!qpair || !buf) { + return VMCI_ERROR_INVALID_ARGS; + } + VMCIQPairLock(qpair); result = EnqueueLocked(qpair->produceQ, @@ -752,6 +808,10 @@ VMCIQPair_Dequeue(VMCIQPair *qpair, // IN { ssize_t result; + if (!qpair || !buf) { + return VMCI_ERROR_INVALID_ARGS; + } + VMCIQPairLock(qpair); result = DequeueLocked(qpair->produceQ, @@ -793,6 +853,10 @@ VMCIQPair_Peek(VMCIQPair *qpair, // IN { ssize_t result; + if (!qpair || !buf) { + return VMCI_ERROR_INVALID_ARGS; + } + VMCIQPairLock(qpair); result = DequeueLocked(qpair->produceQ, @@ -843,6 +907,10 @@ VMCIQPair_EnqueueV(VMCIQPair *qpair, // IN { ssize_t result; + if (!qpair || !iov) { + return VMCI_ERROR_INVALID_ARGS; + } + VMCIQPairLock(qpair); result = EnqueueLocked(qpair->produceQ, @@ -884,6 +952,10 @@ VMCIQPair_DequeueV(VMCIQPair *qpair, // IN VMCIQPairLock(qpair); + if (!qpair || !iov) { + return VMCI_ERROR_INVALID_ARGS; + } + result = DequeueLocked(qpair->produceQ, qpair->consumeQ, qpair->consumeQSize, 
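Review bot: `VMCIQPair_DequeueV` places its new NULL check after `VMCIQPairLock(qpair)`, unlike every sibling in this commit, so a NULL `qpair` reaches the lock first, and when `qpair` is valid but `iov` is NULL the function returns `VMCI_ERROR_INVALID_ARGS` with the lock still held, since no `VMCIQPairUnlock` precedes that return. Move the guard above the lock as `VMCIQPair_EnqueueV` does: `if (!qpair || !iov) { return VMCI_ERROR_INVALID_ARGS; }` followed by `VMCIQPairLock(qpair);`. The function's start and end are outside the hunk.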
@@ -923,6 +995,10 @@ VMCIQPair_PeekV(VMCIQPair *qpair, // IN { ssize_t result; + if (!qpair || !iov) { + return VMCI_ERROR_INVALID_ARGS; + } + VMCIQPairLock(qpair); result = DequeueLocked(qpair->produceQ, diff --git a/open-vm-tools/modules/linux/vmci/vmci_version.h b/open-vm-tools/modules/linux/vmci/vmci_version.h index 777849400..8350a34eb 100644 --- a/open-vm-tools/modules/linux/vmci/vmci_version.h +++ b/open-vm-tools/modules/linux/vmci/vmci_version.h @@ -25,8 +25,8 @@ #ifndef _VMCI_VERSION_H_ #define _VMCI_VERSION_H_ -#define VMCI_DRIVER_VERSION 1.0.21.0 -#define VMCI_DRIVER_VERSION_COMMAS 1,0,21,0 -#define VMCI_DRIVER_VERSION_STRING "1.0.21.0" +#define VMCI_DRIVER_VERSION 1.0.22.0 +#define VMCI_DRIVER_VERSION_COMMAS 1,0,22,0 +#define VMCI_DRIVER_VERSION_STRING "1.0.22.0" #endif /* _VMCI_VERSION_H_ */