[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH 06/15] qemu-nbd: more robust handling of invalid req
|
From: |
Paolo Bonzini |
|
Subject: |
[Qemu-devel] [PATCH 06/15] qemu-nbd: more robust handling of invalid requests |
|
Date: |
Mon, 10 Oct 2011 11:37:48 +0200 |
Fail invalid requests with EINVAL instead of dropping them into
the void.
Signed-off-by: Paolo Bonzini <address@hidden>
---
nbd.c | 57 ++++++++++++++++++++++++++++++---------------------------
1 files changed, 30 insertions(+), 27 deletions(-)
diff --git a/nbd.c b/nbd.c
index 5fd6daf..ec84071 100644
--- a/nbd.c
+++ b/nbd.c
@@ -626,18 +626,19 @@ int nbd_trip(BlockDriverState *bs, int csock, off_t size,
if (nbd_receive_request(csock, &request) == -1)
return -1;
+ reply.handle = request.handle;
+ reply.error = 0;
+
if (request.len > NBD_BUFFER_SIZE) {
LOG("len (%u) is larger than max len (%u)",
request.len, NBD_BUFFER_SIZE);
- errno = EINVAL;
- return -1;
+ goto invalid_request;
}
if ((request.from + request.len) < request.from) {
LOG("integer overflow detected! "
"you're probably being attacked");
- errno = EINVAL;
- return -1;
+ goto invalid_request;
}
if ((request.from + request.len) > size) {
@@ -645,15 +646,11 @@ int nbd_trip(BlockDriverState *bs, int csock, off_t size,
", Offset: %" PRIu64 "\n",
request.from, request.len, (uint64_t)size, dev_offset);
LOG("requested operation past EOF--bad client?");
- errno = EINVAL;
- return -1;
+ goto invalid_request;
}
TRACE("Decoding type");
- reply.handle = request.handle;
- reply.error = 0;
-
switch (request.type & NBD_CMD_MASK_COMMAND) {
case NBD_CMD_READ:
TRACE("Request type is READ");
@@ -663,7 +660,7 @@ int nbd_trip(BlockDriverState *bs, int csock, off_t size,
if (ret < 0) {
LOG("reading from file failed");
reply.error = -ret;
- request.len = 0;
+ goto error_reply;
}
TRACE("Read %u byte(s)", request.len);
@@ -683,24 +680,26 @@ int nbd_trip(BlockDriverState *bs, int csock, off_t size,
if (nbdflags & NBD_FLAG_READ_ONLY) {
TRACE("Server is read-only, return error");
- reply.error = 1;
- } else {
- TRACE("Writing to device");
+ reply.error = EROFS;
+ goto error_reply;
+ }
+
+ TRACE("Writing to device");
+
+ ret = bdrv_write(bs, (request.from + dev_offset) / 512,
+ data, request.len / 512);
+ if (ret < 0) {
+ LOG("writing to file failed");
+ reply.error = -ret;
+ goto error_reply;
+ }
- ret = bdrv_write(bs, (request.from + dev_offset) / 512,
- data, request.len / 512);
+ if (request.type & NBD_CMD_FLAG_FUA) {
+ ret = bdrv_flush(bs);
if (ret < 0) {
- LOG("writing to file failed");
+ LOG("flush failed");
reply.error = -ret;
- request.len = 0;
- }
-
- if (request.type & NBD_CMD_FLAG_FUA) {
- ret = bdrv_flush(bs);
- if (ret < 0) {
- LOG("flush failed");
- reply.error = -ret;
- }
+ goto error_reply;
}
}
@@ -736,8 +735,12 @@ int nbd_trip(BlockDriverState *bs, int csock, off_t size,
break;
default:
LOG("invalid request type (%u) received", request.type);
- errno = EINVAL;
- return -1;
+ invalid_request:
+ reply.error = -EINVAL;
+ error_reply:
+ if (nbd_do_send_reply(csock, &reply, NULL, 0) == -1)
+ return -1;
+ break;
}
TRACE("Request/Reply complete");
--
1.7.6
- [Qemu-devel] [PATCH 00/15] NBD server improvements, Paolo Bonzini, 2011/10/10
- [Qemu-devel] [PATCH 01/15] qemu-nbd: remove offset argument to nbd_trip, Paolo Bonzini, 2011/10/10
- [Qemu-devel] [PATCH 02/15] qemu-nbd: remove data_size argument to nbd_trip, Paolo Bonzini, 2011/10/10
- [Qemu-devel] [PATCH 03/15] move corking functions to osdep.c, Paolo Bonzini, 2011/10/10
- [Qemu-devel] [PATCH 04/15] qemu-nbd: simplify nbd_trip, Paolo Bonzini, 2011/10/10
- [Qemu-devel] [PATCH 06/15] qemu-nbd: more robust handling of invalid requests,
Paolo Bonzini <=
- [Qemu-devel] [PATCH 11/15] qemu-nbd: use common main loop, Paolo Bonzini, 2011/10/10
- [Qemu-devel] [PATCH 07/15] qemu-nbd: introduce nbd_do_receive_request, Paolo Bonzini, 2011/10/10
- [Qemu-devel] [PATCH 14/15] qemu-nbd: asynchronous operation, Paolo Bonzini, 2011/10/10
- [Qemu-devel] [PATCH 08/15] qemu-nbd: introduce NBDExport, Paolo Bonzini, 2011/10/10
- [Qemu-devel] [PATCH 05/15] qemu-nbd: introduce nbd_do_send_reply, Paolo Bonzini, 2011/10/10
- [Qemu-devel] [PATCH 12/15] qemu-nbd: move client handling to nbd.c, Paolo Bonzini, 2011/10/10
- [Qemu-devel] [PATCH 10/15] link the main loop and its dependencies into the tools, Paolo Bonzini, 2011/10/10
- [Qemu-devel] [PATCH 13/15] qemu-nbd: add client pointer to NBDRequest, Paolo Bonzini, 2011/10/10
- [Qemu-devel] [PATCH 09/15] qemu-nbd: introduce NBDRequest, Paolo Bonzini, 2011/10/10
- [Qemu-devel] [PATCH 15/15] qemu-nbd: throttle requests, Paolo Bonzini, 2011/10/10