migration/rdma: Safely convert control types

control_desc[] is an array of strings that correspond to a
series of message types; they're used only for error messages, but if
the message type is seriously broken then we could go off the end of
the array.

Convert the array to a function control_desc() that bound checks.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Message-Id: <20170717110936.23314-6-dgilbert@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
This commit is contained in:
Dr. David Alan Gilbert 2017-07-17 12:09:35 +01:00 committed by Juan Quintela
parent 9c98cfbe72
commit 482a33c53c

View File

@ -165,20 +165,6 @@ enum {
RDMA_CONTROL_UNREGISTER_FINISHED, /* unpinning finished */ RDMA_CONTROL_UNREGISTER_FINISHED, /* unpinning finished */
}; };
static const char *control_desc[] = {
[RDMA_CONTROL_NONE] = "NONE",
[RDMA_CONTROL_ERROR] = "ERROR",
[RDMA_CONTROL_READY] = "READY",
[RDMA_CONTROL_QEMU_FILE] = "QEMU FILE",
[RDMA_CONTROL_RAM_BLOCKS_REQUEST] = "RAM BLOCKS REQUEST",
[RDMA_CONTROL_RAM_BLOCKS_RESULT] = "RAM BLOCKS RESULT",
[RDMA_CONTROL_COMPRESS] = "COMPRESS",
[RDMA_CONTROL_REGISTER_REQUEST] = "REGISTER REQUEST",
[RDMA_CONTROL_REGISTER_RESULT] = "REGISTER RESULT",
[RDMA_CONTROL_REGISTER_FINISHED] = "REGISTER FINISHED",
[RDMA_CONTROL_UNREGISTER_REQUEST] = "UNREGISTER REQUEST",
[RDMA_CONTROL_UNREGISTER_FINISHED] = "UNREGISTER FINISHED",
};
/* /*
* Memory and MR structures used to represent an IB Send/Recv work request. * Memory and MR structures used to represent an IB Send/Recv work request.
@ -251,6 +237,30 @@ typedef struct QEMU_PACKED RDMADestBlock {
uint32_t padding; uint32_t padding;
} RDMADestBlock; } RDMADestBlock;
static const char *control_desc(unsigned int rdma_control)
{
static const char *strs[] = {
[RDMA_CONTROL_NONE] = "NONE",
[RDMA_CONTROL_ERROR] = "ERROR",
[RDMA_CONTROL_READY] = "READY",
[RDMA_CONTROL_QEMU_FILE] = "QEMU FILE",
[RDMA_CONTROL_RAM_BLOCKS_REQUEST] = "RAM BLOCKS REQUEST",
[RDMA_CONTROL_RAM_BLOCKS_RESULT] = "RAM BLOCKS RESULT",
[RDMA_CONTROL_COMPRESS] = "COMPRESS",
[RDMA_CONTROL_REGISTER_REQUEST] = "REGISTER REQUEST",
[RDMA_CONTROL_REGISTER_RESULT] = "REGISTER RESULT",
[RDMA_CONTROL_REGISTER_FINISHED] = "REGISTER FINISHED",
[RDMA_CONTROL_UNREGISTER_REQUEST] = "UNREGISTER REQUEST",
[RDMA_CONTROL_UNREGISTER_FINISHED] = "UNREGISTER FINISHED",
};
if (rdma_control > RDMA_CONTROL_UNREGISTER_FINISHED) {
return "??BAD CONTROL VALUE??";
}
return strs[rdma_control];
}
static uint64_t htonll(uint64_t v) static uint64_t htonll(uint64_t v)
{ {
union { uint32_t lv[2]; uint64_t llv; } u; union { uint32_t lv[2]; uint64_t llv; } u;
@ -1641,7 +1651,7 @@ static int qemu_rdma_post_send_control(RDMAContext *rdma, uint8_t *buf,
.num_sge = 1, .num_sge = 1,
}; };
trace_qemu_rdma_post_send_control(control_desc[head->type]); trace_qemu_rdma_post_send_control(control_desc(head->type));
/* /*
* We don't actually need to do a memcpy() in here if we used * We don't actually need to do a memcpy() in here if we used
@ -1720,16 +1730,16 @@ static int qemu_rdma_exchange_get_response(RDMAContext *rdma,
network_to_control((void *) rdma->wr_data[idx].control); network_to_control((void *) rdma->wr_data[idx].control);
memcpy(head, rdma->wr_data[idx].control, sizeof(RDMAControlHeader)); memcpy(head, rdma->wr_data[idx].control, sizeof(RDMAControlHeader));
trace_qemu_rdma_exchange_get_response_start(control_desc[expecting]); trace_qemu_rdma_exchange_get_response_start(control_desc(expecting));
if (expecting == RDMA_CONTROL_NONE) { if (expecting == RDMA_CONTROL_NONE) {
trace_qemu_rdma_exchange_get_response_none(control_desc[head->type], trace_qemu_rdma_exchange_get_response_none(control_desc(head->type),
head->type); head->type);
} else if (head->type != expecting || head->type == RDMA_CONTROL_ERROR) { } else if (head->type != expecting || head->type == RDMA_CONTROL_ERROR) {
error_report("Was expecting a %s (%d) control message" error_report("Was expecting a %s (%d) control message"
", but got: %s (%d), length: %d", ", but got: %s (%d), length: %d",
control_desc[expecting], expecting, control_desc(expecting), expecting,
control_desc[head->type], head->type, head->len); control_desc(head->type), head->type, head->len);
if (head->type == RDMA_CONTROL_ERROR) { if (head->type == RDMA_CONTROL_ERROR) {
rdma->received_error = true; rdma->received_error = true;
} }
@ -1839,7 +1849,7 @@ static int qemu_rdma_exchange_send(RDMAContext *rdma, RDMAControlHeader *head,
} }
} }
trace_qemu_rdma_exchange_send_waiting(control_desc[resp->type]); trace_qemu_rdma_exchange_send_waiting(control_desc(resp->type));
ret = qemu_rdma_exchange_get_response(rdma, resp, ret = qemu_rdma_exchange_get_response(rdma, resp,
resp->type, RDMA_WRID_DATA); resp->type, RDMA_WRID_DATA);
@ -1851,7 +1861,7 @@ static int qemu_rdma_exchange_send(RDMAContext *rdma, RDMAControlHeader *head,
if (resp_idx) { if (resp_idx) {
*resp_idx = RDMA_WRID_DATA; *resp_idx = RDMA_WRID_DATA;
} }
trace_qemu_rdma_exchange_send_received(control_desc[resp->type]); trace_qemu_rdma_exchange_send_received(control_desc(resp->type));
} }
rdma->control_ready_expected = 1; rdma->control_ready_expected = 1;
@ -3401,7 +3411,7 @@ static int qemu_rdma_registration_handle(QEMUFile *f, void *opaque)
ret = -EIO; ret = -EIO;
goto out; goto out;
default: default:
error_report("Unknown control message %s", control_desc[head.type]); error_report("Unknown control message %s", control_desc(head.type));
ret = -EIO; ret = -EIO;
goto out; goto out;
} }