Open tammyleino opened 2 years ago
Right, a test is done to check that the buffer is not null, but not that the buffer is valid. Checking that the buffer is in the shared memory prevents writing to other memory but does not prevent corrupting other buffers or vrings.
On the other hand, too many checks on the buffer would impact performance.
For this issue, a pull request would allow a better understanding of the impact.
This issue has been marked as a stale issue because it has been open (more than) 45 days with no activity.
The following API functions take a buffer address as an input parameter but do not validate that the buffer is valid: rpmsg_hold_rx_buffer, rpmsg_release_rx_buffer, rpmsg_send_offchannel_nocopy.
I suggest adding checks that the buffer plus any data is within the range of valid shared memory within the rpmsg_virtio.c routines.
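The following is an added example, not part of the issue thread or of the project's code. It sketches the range check suggested above together with a slot-alignment test, which addresses the reply's point that an in-range pointer can still overlap a neighbouring buffer. The `shm_pool` struct, the `shm_payload_valid` function, the fixed slot size and the header preceding the payload are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical pool description; not a type from the project. */
struct shm_pool {
    uintptr_t base;     /* start of the shared buffer region */
    size_t    size;     /* total bytes in the region */
    size_t    buf_size; /* size of one fixed buffer slot (assumed) */
    size_t    hdr_len;  /* header bytes preceding the payload (assumed) */
};

/* True only if payload is the payload address of a slot in the pool and
 * len bytes of data fit in that slot. */
bool shm_payload_valid(const struct shm_pool *p, const void *payload, size_t len)
{
    uintptr_t addr = (uintptr_t)payload;
    size_t off;

    if (payload == NULL || p->buf_size == 0 || p->hdr_len >= p->buf_size)
        return false;
    /* Compare before subtracting so a low address cannot wrap around. */
    if (addr < p->base || addr - p->base < p->hdr_len)
        return false;
    off = (size_t)(addr - p->base) - p->hdr_len;   /* offset of the slot start */
    /* The whole slot must lie inside the pool. */
    if (off >= p->size || p->size - off < p->buf_size)
        return false;
    /* In range but mid-slot: would overlap a neighbouring buffer. */
    if (off % p->buf_size != 0)
        return false;
    /* Buffer plus data must stay inside the slot. */
    return len <= p->buf_size - p->hdr_len;
}

int main(void)
{
    static unsigned char mem[4 * 512];   /* constructed stand-in for shared memory */
    struct shm_pool pool = { (uintptr_t)mem, sizeof(mem), 512, 16 };

    printf("slot 1 payload:   %d\n", shm_payload_valid(&pool, mem + 512 + 16, 496));
    printf("mid-slot pointer: %d\n", shm_payload_valid(&pool, mem + 100, 8));
    printf("past end of pool: %d\n", shm_payload_valid(&pool, mem + sizeof(mem), 8));
    return 0;
}
```

The cost per call is a handful of integer comparisons and one modulo. The check does not detect a slot-aligned pointer to a buffer the caller does not currently own; that would need per-slot ownership state.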